DNAADS, Checkmystats, and other Pop-ups are KILLING ME


purepnoy85

Thread Starter
Joined
Jul 10, 2005
Messages
9
I've been free of pop-ups and spyware for the 2 years I've had my computer. Then I let my roommate use it since his laptop is getting repaired, and now I'm infested. I've already scanned with Ad-Aware SE Pro, but I know I still have a long way to go before my computer is back to the way it was before. Here's the HijackThis log, and thanks in advance for the help.


Logfile of HijackThis v1.99.1
Scan saved at 12:42:46 PM, on 7/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\kkuljr.exe
C:\WINDOWS\System32\tasglnt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\stotname.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us6.hpwis.com/
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE Electronics Corp.\USB Storage R/W v1.14e057"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitezwu32.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\kkuljr.exe reg_run
O4 - HKLM\..\Run: [xF5P3nU] tasglnt.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [gouFRhYnT] stotname.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Nov 18, 2004
Messages
747
Hi purepnoy85,

  1. Prepare Ewido Security Suite for use:
    • Download the trial version of Ewido Security Suite.
    • Install the program.
    • Click on the "update" button on the left-hand side of the window.
    • Click on "Start Update".
    • You should not run the program yet, so exit the program.
  2. Prepare LQfix for use:
    • Download LQfix.zip.
    • Extract the contents of LQfix.zip to a convenient location like your Desktop.
  3. Reboot into Safe mode. To reboot in Safe mode:
    • Restart your computer and immediately begin tapping the F8 key on your keyboard.
    • If done right, a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
  4. Run LQfix:
    • Double-click LQfix.bat.
  5. Run Ewido Security Suite:
    • Open Ewido Security Suite.
    • Click on the "scanner" button on the left-hand side of the window.
    • Click on "Complete System Scan".
    • After the scan is completed, save the logfile from the scan.
  6. Restart your computer normally to return to normal mode.
  7. Prepare in your reply:
    • Please post a fresh HijackThis log.
    • Please post the Ewido Security Suite log.
 

purepnoy85

Thread Starter
Couldn't fit the reports into one reply, so I'll do them separately...


EWIDO PART 1
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:09:28 PM, 7/10/2005
+ Report-Checksum: 12E716D5

+ Scan result:

HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\xsul1bJlIRXK -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\xsuz1bJlIRXK -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k9tpf1uj.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup

purepnoy85

Thread Starter
Joined
Jul 10, 2005
Messages
9
EWIDO PART 2

C:\Documents and Settings\Administrator\Local Settings\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0006.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0009.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\uninstall.exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\I1MXO3C9\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\I1MXO3C9\trk_0006[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WRG3KX4Z\abiuninst[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WRG3KX4Z\trk_0009[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ddcu.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Program Files\Aprps\CxtPls.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\WINDOWS\onjmicep.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\system32\dist001.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINDOWS\system32\eecypry.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\WINDOWS\system32\exp.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINDOWS\system32\kkuljr.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\system32\nsoB6A.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\PSof1.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\rrvgw.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\WINDOWS\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\stotname.exe -> TrojanDownloader.Agent.ed : Cleaned with backup
C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\tasglnt.exe -> TrojanDownloader.Apropo.ac : Cleaned with backup
C:\WINDOWS\system32\uci.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\wintask.exe -> TrojanDownloader.Small.abd : Cleaned with backup


::Report End
 

purepnoy85

Thread Starter
Joined
Jul 10, 2005
Messages
9
HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 3:16:39 PM, on 7/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us6.hpwis.com/
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE Electronics Corp.\USB Storage R/W v1.14e057"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\kkuljr.exe reg_run
O4 - HKLM\..\Run: [xF5P3nU] tasglnt.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [gouFRhYnT] stotname.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Nov 18, 2004
Messages
747
Hi purepnoy85,

Please download Grinler's pfind (it is attached to this post).
Unzip it to the desktop and run pfind.bat.

Once the scan is finished, please CLOSE the Notepad window that pops up. Then please post the entire contents of the file C:\log.txt here for me.
 

purepnoy85

Thread Starter
Joined
Jul 10, 2005
Messages
9
There was no log.txt, only pfind.txt so I'll post that....

Files found with this application may be legitimate.
Only remove files that you know are malware related.


Checking the C: folder



Checking the C:\Program Files folder



Checking the C:\WINDOWS folder

C:\WINDOWS\aavro.dll: excl_urls=www3.popupsearches.com,www3.paypopup.com,www3.click2begin.com,www3.bigtrafficnetwork.com,www3.bigtrafficnetswork.com,www2.popupsearches.com,www2.paypopup.com,www2.click2begin.com,www2.bigtrafficnetwork.com,www2.bigtrafficnetswork.com,www12.popupsearches.com,www11.popupsearches.com,www10.popupsearches.com,www10.paypopup.com,www10.click2begin.com,www10.bigtrafficnetwork.com,www10.bigtrafficnetswork.com,www1.paypopup.com,www1.eta.us,www1.click2begin.com,www1.bigtrafficnetwork.com,www1.bigtrafficnetswork.com,wwW.smashits.com,www.ads.com,wwp.ic...yourfreedvds.com,z1.adserver.com,zone.msn.com


Checking the C:\WINDOWS\SYSTEM32 folder

C:\WINDOWS\SYSTEM32\ccqxnbx.exe: .aspack
C:\WINDOWS\SYSTEM32\DivX.dll: PEC2
C:\WINDOWS\SYSTEM32\DivX.dll: PECompact2
C:\WINDOWS\SYSTEM32\qqyga.dat: .aspack


Checking all directories under the C:\WINDOWS\SYSTEM32\drivers folder



Checking the C:\Documents and Settings\All Users\Start Menu\programs\Startup\ folder




Checking the C:\Documents and Settings\All Users\Application Data folder




Checking the C:\Documents and Settings\Administrator\Start Menu\programs\Startup\ folder




Checking the C:\Documents and Settings\Administrator\Application Data folder




Checking the Windows folder for system and hidden files within the last 60 days


C:\WINDOWS\
bootstat.dat Sun Jul 10 2005 3:11:02p A.S.. 2,048 2.00 K
qtfont.qfn Thu Jul 7 2005 9:20:22p A..H. 54,156 52.89 K

C:\WINDOWS\INF\
oem26.inf Sun Jun 26 2005 11:14:32p ...H. 0 0.00 K

C:\WINDOWS\TASKS\
sa.dat Sun Jul 10 2005 3:11:06p A..H. 6 0.00 K

C:\WINDOWS\LASTGOOD\INF\
dasetup.inf Mon May 30 2005 6:49:58p A..H. 0 0.00 K
dasetup.pnf Mon May 30 2005 6:49:58p A..H. 0 0.00 K
dxbda.inf Fri May 13 2005 5:49:12a A..H. 0 0.00 K
dxbda.pnf Fri May 13 2005 5:49:12a A..H. 0 0.00 K
dxdllreg.inf Fri May 13 2005 5:49:10a A..H. 0 0.00 K
dxdllreg.pnf Fri May 13 2005 5:49:10a A..H. 0 0.00 K
dxxp.inf Fri May 13 2005 5:48:04a A..H. 0 0.00 K
dxxp.pnf Fri May 13 2005 5:48:04a A..H. 0 0.00 K
mdacxpak.inf Mon May 30 2005 6:50:00p A..H. 0 0.00 K
mdacxpak.pnf Mon May 30 2005 6:50:00p A..H. 0 0.00 K
msxmlx.inf Mon May 30 2005 6:50:32p A..H. 0 0.00 K
msxmlx.pnf Mon May 30 2005 6:50:32p A..H. 0 0.00 K
oem27.inf Sun Jul 10 2005 12:38:26a A..H. 0 0.00 K
oem27.pnf Sun Jul 10 2005 12:38:26a A..H. 0 0.00 K
rspfiles.inf Mon May 30 2005 6:49:56p A..H. 0 0.00 K
rspfiles.pnf Mon May 30 2005 6:49:56p A..H. 0 0.00 K
sqlnet.inf Mon May 30 2005 6:50:36p A..H. 0 0.00 K
sqlnet.pnf Mon May 30 2005 6:50:36p A..H. 0 0.00 K
sqlodbc.inf Mon May 30 2005 6:50:40p A..H. 0 0.00 K
sqlodbc.pnf Mon May 30 2005 6:50:40p A..H. 0 0.00 K
sqloldb.inf Mon May 30 2005 6:50:42p A..H. 0 0.00 K
sqloldb.pnf Mon May 30 2005 6:50:42p A..H. 0 0.00 K
sqlxmlxp.inf Mon May 30 2005 6:50:34p A..H. 0 0.00 K
sqlxmlxp.pnf Mon May 30 2005 6:50:34p A..H. 0 0.00 K
wdsetup.inf Mon May 30 2005 6:49:58p A..H. 0 0.00 K
wdsetup.pnf Mon May 30 2005 6:49:58p A..H. 0 0.00 K

C:\WINDOWS\SYSTEM32\CONFIG\
default.log Sun Jul 10 2005 4:18:28p A..H. 1,024 1.00 K
sam.log Sun Jul 10 2005 3:15:04p A..H. 1,024 1.00 K
security.log Sun Jul 10 2005 3:21:12p A..H. 1,024 1.00 K
software.log Sun Jul 10 2005 4:25:28p A..H. 1,024 1.00 K
system.log Sun Jul 10 2005 4:21:00p A..H. 1,024 1.00 K

C:\WINDOWS\SYSTEM32\CATROOT\{F750E~1\
oem26.cat Thu May 26 2005 4:27:36a ..S.. 13,511 13.19 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\
desktop.ini Sat May 14 2005 7:28:24p ..SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\6NMHOPAL\
desktop.ini Sat May 14 2005 7:28:24p ..SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\8TIJWLEN\
desktop.ini Sat May 14 2005 7:28:24p ..SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WQYSQO0E\
desktop.ini Sat May 14 2005 7:28:24p ..SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\YZ9JT3D5\
desktop.ini Sat May 14 2005 7:28:24p ..SH. 67 0.06 K

41 items found: 41 files, 0 directories.
Total of file sizes: 75,176 bytes 73.41 K
 
Joined
Nov 18, 2004
Messages
747
Hi purepnoy85,

Download WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard as a reply.
 

purepnoy85

Thread Starter
Joined
Jul 10, 2005
Messages
9
WinPFind Log

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "not responding" you can ignore it. Windows is throwing this message up even though the program is still running. As long as the hard disk is working then the program is running.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
PEC2 C:\pfind.txt
PECompact2 C:\pfind.txt
aspack C:\pfind.txt
abetterinternet.com C:\pfind.txt
web-nex C:\pfind.txt

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
abetterinternet.com C:\WINDOWS\aavro.dll
web-nex C:\WINDOWS\aavro.dll

Checking %System% folder...
aspack C:\WINDOWS\system32\ccqxnbx.exe
PEC2 C:\WINDOWS\system32\dfrg.msc
PEC2 C:\WINDOWS\system32\DivX.dll
PECompact2 C:\WINDOWS\system32\DivX.dll
aspack C:\WINDOWS\system32\qqyga.dat
Umonitor C:\WINDOWS\system32\rasdlg.dll

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder for system and hidden files within the last 60 days...
7/10/2005 C:\WINDOWS\QTFont.qfn
6/26/2005 C:\WINDOWS\inf\oem26.inf
5/30/2005 C:\WINDOWS\LastGood\INF\dasetup.inf
5/30/2005 C:\WINDOWS\LastGood\INF\dasetup.PNF
5/30/2005 C:\WINDOWS\LastGood\INF\mdacxpak.inf
5/30/2005 C:\WINDOWS\LastGood\INF\mdacxpak.PNF
5/30/2005 C:\WINDOWS\LastGood\INF\msxmlx.inf
5/30/2005 C:\WINDOWS\LastGood\INF\msxmlx.PNF
7/10/2005 C:\WINDOWS\LastGood\INF\oem27.inf
7/10/2005 C:\WINDOWS\LastGood\INF\oem27.PNF
5/30/2005 C:\WINDOWS\LastGood\INF\rspfiles.inf
5/30/2005 C:\WINDOWS\LastGood\INF\rspfiles.PNF
5/30/2005 C:\WINDOWS\LastGood\INF\sqlnet.inf
5/30/2005 C:\WINDOWS\LastGood\INF\sqlnet.PNF
5/30/2005 C:\WINDOWS\LastGood\INF\sqlodbc.inf
5/30/2005 C:\WINDOWS\LastGood\INF\sqlodbc.PNF
5/30/2005 C:\WINDOWS\LastGood\INF\sqloldb.inf
5/30/2005 C:\WINDOWS\LastGood\INF\sqloldb.PNF
5/30/2005 C:\WINDOWS\LastGood\INF\sqlxmlxp.inf
5/30/2005 C:\WINDOWS\LastGood\INF\sqlxmlxp.PNF
5/30/2005 C:\WINDOWS\LastGood\INF\wdsetup.inf
5/30/2005 C:\WINDOWS\LastGood\INF\wdsetup.PNF
7/13/2005 C:\WINDOWS\system32\config\default.LOG
7/12/2005 C:\WINDOWS\system32\config\SAM.LOG
7/14/2005 C:\WINDOWS\system32\config\SECURITY.LOG
7/14/2005 C:\WINDOWS\system32\config\software.LOG
7/14/2005 C:\WINDOWS\system32\config\system.LOG
7/12/2005 C:\WINDOWS\Tasks\SA.DAT

»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

Checking %ALLUSERSPROFILE%\Startup folder...

Checking %ALLUSERSPROFILE%\Application Data folder...

Checking %USERPROFILE%\Startup folder...

Checking %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

*\shellex\ContextMenuHandlers
*\shellex\ContextMenuHandlers\ggksnfsn
{e0c4b5d7-da8f-49a5-88d8-f73a92436b0e} = C:\WINDOWS\System32\rrvgw.dll
*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
*\shellex\ContextMenuHandlers\QuickSFV Shell Extension
{906b0e6e-61ce-11d3-8ee2-0060080a7242} = C:\Program Files\QuickSFV\QSFVShll.dll
*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin =

SOFTWARE\Classes\Folder\shellex\ColumnHandlers
SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ehTray C:\WINDOWS\ehome\ehtray.exe
hpsysdrv c:\windows\system\hpsysdrv.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057 "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE Electronics Corp.\USB Storage R/W v1.14e057"
KBD C:\HP\KBD\KBD.EXE
StorageGuard "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
WINDVDPatch CTHELPER.EXE
UpdReg C:\WINDOWS\UpdReg.EXE
Jet Detection "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
DeadAIM rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
QD FastAndSafe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
PSof1 C:\WINDOWS\System32\PSof1.exe
exp.exe C:\WINDOWS\System32\exp.exe
WinTask driver C:\WINDOWS\System32\wintask.exe
cfgmgr52 RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
KavSvc C:\WINDOWS\System32\kkuljr.exe reg_run
xF5P3nU tasglnt.exe
DDCActiveMenu "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
IMAIL
MAPI
MSFS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
Weather C:\Program Files\AWS\WeatherBug\Weather.exe 1
NBJ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
Norton SystemWorks "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
gouFRhYnT stotname.exe
180ClientStubInstall "C:\temp\stubinstaller6480.exe"

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder
{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn
{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray
{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UserInit C:\WINDOWS\system32\userinit.exe,
Shell Explorer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.0.0.8 - Log file written to "WinPFind.Txt" in the WinPFind folder.
 
Joined
Nov 18, 2004
Messages
747
Hi purepnoy85,

There is a new version of WinPfind and a new way to tackle this infection.

Please Download the following tools to assist us in removing this infection!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
    1. Go to the WinPFind folder
    2. Locate WinPFind.txt
    3. Place those results in the next post!

Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

Wait a few seconds and a Notepad page will pop up. Copy & Paste those results and place them in the next post along with the results of WinPFind!
 

purepnoy85

Thread Starter
Joined
Jul 10, 2005
Messages
9
WinPFind Log

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "not responding" you can ignore it. Windows is throwing this message up even though the program is still running. As long as the hard disk is working then the program is running.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
PEC2 7/10/2005 4:27:04 PM 15540 C:\pfind.txt
PECompact2 7/10/2005 4:27:04 PM 15540 C:\pfind.txt
aspack 7/10/2005 4:27:04 PM 15540 C:\pfind.txt
abetterinternet.com 7/10/2005 4:27:04 PM 15540 C:\pfind.txt
web-nex 7/10/2005 4:27:04 PM 15540 C:\pfind.txt
ad-w-a-r-e.com 7/10/2005 4:27:04 PM 15540 C:\pfind.txt

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
abetterinternet.com 7/10/2005 10:55:02 AM 10887 C:\WINDOWS\aavro.dll
web-nex 7/10/2005 10:55:02 AM 10887 C:\WINDOWS\aavro.dll
ad-w-a-r-e.com 7/10/2005 10:55:02 AM 10887 C:\WINDOWS\aavro.dll

Checking %System% folder...
aspack 7/10/2005 12:36:46 AM 7168 C:\WINDOWS\SYSTEM32\ccqxnbx.exe
PEC2 8/29/2002 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 10/26/2004 3:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 10/26/2004 3:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 7/6/2005 7:26:32 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 7/6/2005 7:26:32 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
aspack 7/10/2005 12:36:44 AM 61952 C:\WINDOWS\SYSTEM32\qqyga.dat
Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Checking the Windows folder for system and hidden files within the last 60 days...
7/16/2005 9:24:30 PM 54156 C:\WINDOWS\QTFont.qfn
6/26/2005 11:14:32 PM 0 C:\WINDOWS\inf\oem26.inf
7/14/2005 10:36:08 PM 305145 C:\WINDOWS\pchealth\helpctr\PackageStore\package_13.cab
7/14/2005 10:40:50 PM 68327 C:\WINDOWS\pchealth\helpctr\PackageStore\package_14.cab
7/20/2005 7:01:16 PM 8192 C:\WINDOWS\system32\config\default.LOG
7/20/2005 7:01:50 PM 1024 C:\WINDOWS\system32\config\SAM.LOG
7/20/2005 7:01:32 PM 16384 C:\WINDOWS\system32\config\SECURITY.LOG
7/20/2005 7:01:40 PM 61440 C:\WINDOWS\system32\config\software.LOG
7/20/2005 7:01:40 PM 1220608 C:\WINDOWS\system32\config\system.LOG
7/14/2005 11:32:46 PM 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
7/20/2005 6:59:52 PM 6 C:\WINDOWS\Tasks\SA.DAT

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/16/2002 8:57:56 PM 1800 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk
5/2/2005 4:49:24 PM 779 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
5/2/2005 3:25:38 PM 779 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
5/3/2005 5:42:04 PM 1741 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
4/30/2005 12:16:34 AM 1770 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v2 Smart Configuration.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
5/2/2005 4:49:14 PM 194 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
4/30/2005 11:03:30 PM 1556 C:\Documents and Settings\Administrator\Application Data\AdobeDLM.log
4/30/2005 11:03:28 PM 0 C:\Documents and Settings\Administrator\Application Data\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\iebar
iebar =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\SV1
SV1 =

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ggksnfsn
{e0c4b5d7-da8f-49a5-88d8-f73a92436b0e} = C:\WINDOWS\System32\rrvgw.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\QuickSFV Shell Extension
{906b0e6e-61ce-11d3-8ee2-0060080a7242} = C:\Program Files\QuickSFV\QSFVShll.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ehTray C:\WINDOWS\ehome\ehtray.exe
hpsysdrv c:\windows\system\hpsysdrv.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057 "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE Electronics Corp.\USB Storage R/W v1.14e057"
KBD C:\HP\KBD\KBD.EXE
StorageGuard "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
WINDVDPatch CTHELPER.EXE
UpdReg C:\WINDOWS\UpdReg.EXE
Jet Detection "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
DeadAIM rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
QD FastAndSafe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
PSof1 C:\WINDOWS\System32\PSof1.exe
exp.exe C:\WINDOWS\System32\exp.exe
WinTask driver C:\WINDOWS\System32\wintask.exe
cfgmgr52 RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
KavSvc C:\WINDOWS\System32\kkuljr.exe reg_run
xF5P3nU tasglnt.exe
DDCActiveMenu "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
IMAIL
MAPI
MSFS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
Weather C:\Program Files\AWS\WeatherBug\Weather.exe 1
NBJ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Norton SystemWorks "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
gouFRhYnT stotname.exe
180ClientStubInstall "C:\temp\stubinstaller6480.exe"

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun [
NoCDBurning 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UserInit C:\WINDOWS\system32\userinit.exe,
Shell Explorer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder
{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn
{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray
{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.2 - Log file written to "WinPFind.Txt" in the WinPFind folder.



Track qoo Log

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057"="\"C:\\Program Files\\USB Storage RW\\shwicon.exe\" -t\"KYE Electronics Corp.\\USB Storage R/W v1.14e057\""
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"DeadAIM"="rundll32.exe \"C:\\PROGRA~1\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"QD FastAndSafe"=""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PSof1"="C:\\WINDOWS\\System32\\PSof1.exe"
"exp.exe"="C:\\WINDOWS\\System32\\exp.exe"
"WinTask driver"="C:\\WINDOWS\\System32\\wintask.exe"
"cfgmgr52"="RunDLL32.EXE C:\\WINDOWS\\cfgmgr52.dll,DllRun"
"KavSvc"="C:\\WINDOWS\\System32\\kkuljr.exe reg_run"
"xF5P3nU"="tasglnt.exe"
"DDCActiveMenu"="\"C:\\Program Files\\WildTangent\\DDC\\ActiveMenu\\DDCActiveMenu.exe\" -boot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ggksnfsn
{e0c4b5d7-da8f-49a5-88d8-f73a92436b0e}
C:\WINDOWS\System32\rrvgw.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- QuickSFV Shell Extension
{906b0e6e-61ce-11d3-8ee2-0060080a7242}
C:\Program Files\QuickSFV\QSFVShll.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll

Subkey --- ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}
C:\Program Files\WinAce\arcext.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
hp center.lnk
hp psc 1000 series.lnk
hpoddt01.exe.lnk
Microsoft Office.lnk
NETGEAR WG311v2 Smart Configuration.lnk
==============================
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

desktop.ini
hp center.lnk
hp psc 1000 series.lnk
hpoddt01.exe.lnk
Microsoft Office.lnk
NETGEAR WG311v2 Smart Configuration.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
AudioHQU.cpl Creative Technology Ltd.
bdeadmin.cpl Inprise Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
ImageDrive.cpl Ahead Software AG
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
speech.cpl Microsoft
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
 