Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Problems


  • Please log in to reply
34 replies to this topic

#1 Perfect Sin

Perfect Sin

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 15 May 2005 - 08:57 PM

I was told HijackThis could find problems with your computer. You know, some things that virus scanners and spyware scanner couldn't pick up...

Well, I have a virus on my comp GenericBackdoor.I i guess is the virus. Anyways it always pops up in a file labled Nail[1].exe But whenever you delete this file it always come back so obviously there's another program copying this file. I also have various inactive spyware components getting picked up like DownloaderK etc..

I've made several attempts to do multiple scans on my computer. I've tried running the programs below in Safe Mode and Normal [BTW I have WinXP Pro SP.2] McAfee Virus scanner is usually the program that picks all the spyware and virus components up.


Programs i use are

McAfee VirusScan
McAfee Anti-Spyware
Ad-Aware Pro
Registry Mechanic


Anyways i then downloaded HijackThis to see if maybe any of you guys know how to get rid of this stuff. So the log file is thus...


Logfile of HijackThis v1.99.1
Scan saved at 9:43:44 PM, on 5/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\windows\system32\ifohapz.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rhodeisland.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R3 - URLSearchHook: HyperSearchHook - {14EA7A0C-4E95-458F-B1EC-96173ADDC29A} - blank (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MPEG Support Dll - {57A70350-87D9-4EA2-B3AC-C1C1B5296035} - C:\WINDOWS\system32\mpegcore.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [hkkxto] c:\windows\system32\ifohapz.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Plz excuse me if i did not answer any of the required fields or if this topic is out of your hands.

BC AdBot (Login to Remove)

 


m

#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:01 AM

Posted 16 May 2005 - 01:12 PM

Hi Perfect Sin and welcome to the BC forums. I do not see nail.exe on your computer at this time. Can you check for the following files and tell me if they are present on your system?

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
See if the following files are present:c:\windows\nail.exe
DrPMon.dll

Let me know what you find and then we will fix this up.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 Perfect Sin

Perfect Sin
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 16 May 2005 - 07:16 PM

hey sry about the reply time..but yeah i found

DrPMon.dll

Didn't find nail.exe though

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:01 AM

Posted 16 May 2005 - 08:53 PM

Hi Perfect Sin. Ok, let's get started. Please print these directions and then proceed with the following steps in order.

Step #1

Download CCleaner and install it but do not run it yet.

Download and install ewido security suite. Update the program and then close it. Do not run it yet.

Step #2

Open Notepad and copy/paste the text in the quotebox below into the new document:

@ECHO OFF
process -k explorer.exe
cd %windir%
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h svcproc.exe
del svcproc.exe
cd %windir%\system32
attrib -s -r -h DrPMon.dll
del DrPMon.dll
attrib -s -r -h mpegcore.dll
del mpegcore.dll
attrib -s -r -h ifohapz.exe
del ifohapz.exe
cd %windir%\system32\dllcache\win32
sc config NTLOAD start= disabled
sc stop NTLOAD
sc delete NTLOAD
sc config NVSvc start= disabled
sc stop NVSvc
sc delete NVSvc
attrib -s -r -h winlogon.exe
del winlogon.exe
start explorer.exe
exit


Save the document to your desktop as fixnail.bat and close Notepad.

Step #3

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R3 - URLSearchHook: HyperSearchHook - {14EA7A0C-4E95-458F-B1EC-96173ADDC29A} - blank (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MPEG Support Dll - {57A70350-87D9-4EA2-B3AC-C1C1B5296035} - C:\WINDOWS\system32\mpegcore.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - blank (file missing)
O4 - HKLM\..\Run: [hkkxto] c:\windows\system32\ifohapz.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #5

Locate the fixnail.bat file on your desktop and double-click on it to run it.

Step #6

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #7

Start ewido and click the Scanner button and then click the Start button. Let it run to completion and fix everything it finds.

Step #8

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 Perfect Sin

Perfect Sin
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 16 May 2005 - 10:03 PM

Here is the log you requested umm i had 2 problems. One was that one of the hijackthis components you told me to delete wasn't in the new scan log. That was the

O4 - HKLM\..\Run: [hkkxto] c:\windows\system32\ifohapz.exe

The other problem i had was that ewido wouldn't start the scan. When i clicked the scanner button it brought me to the next window but the "Start" button was grey indicating that somthing wasn't clicked or highlighted for it to scan. I tried just telling it to clean the C: drive but it still wouldn't start. So in other words there was no ewido scan in safe mode. Then as i was typing this reply to you ewido popped up saying it had detected and removed a trojan. I dunno, i'll hear from you soon.



Logfile of HijackThis v1.99.1
Scan saved at 10:56:00 PM, on 5/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\windows\system32\xwxnzx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rhodeisland.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [cucocy] c:\windows\system32\xwxnzx.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:01 AM

Posted 16 May 2005 - 10:40 PM

Hi Perfect Sin. Well, that's a new one. I have never had that before. We still have something in the system so let's try a scan for hidden files that do not show up in a Hijackthis log.

Download PFind.zip and unzip the contents to its own permanent folder.

Important! Reboot in SAFE MODE !!

Start in Safe Mode Using the F8 method:
  • Restart the computer in Safe Mode.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Locate the pfind.bat file and double-click it to run it. It will start scanning your computer and could take a little while so be patient. When the DOS window closes, reboot back to normal mode.

Post the contents of C:\pfind.txt back here and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 Perfect Sin

Perfect Sin
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 17 May 2005 - 08:51 PM

Well i did everything as you said. Booted the computer in safe mode and ran pfind.bat it worked well up to the very end, then it opened a blank notepad document and said it could not find pfind.txt would you like to create a new one. And i said Yes and nothing happened. Was there something wrong with the scripting of the program?


Oh i also found the 3 spyware components that McAfee was finding on my computer, they are

Adaware-abetterintrnet
Prockill-CR
Downloader-KL


Some good news is that McAfee isn't promting me anymore saying it has deleted the Generic Backdoor.I virus. So hopefully that is gone.

I have not touched my computer since i did the pfind.bat thing.

#8 Perfect Sin

Perfect Sin
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 17 May 2005 - 08:52 PM

There is a .txt file in the pfind folder labled patterns.txt i don't know if that's what you wanted or not...

#9 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:01 AM

Posted 18 May 2005 - 12:23 AM

Hey Perfect Sin. I think there may be a problem with the new pattern file (the definitions of infections we look for).

Give me until tomorrow so I can get it fixed and I will post back here for you to download it again.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:01 AM

Posted 18 May 2005 - 11:18 AM

Hi OldTimer. I could not get ahold of the author this morning so let's go with a different scanner.

Download Find_It_s.zip and unzip the contents to its own folder.

Important! Reboot in SAFE MODE !!

Start in Safe Mode Using the F8 method:
  • Restart the computer in Safe Mode.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Locate the FindIt's.bat file and double-click it to run it. It will start scanning your computer and could take a little while so be patient. When the DOS window closes, reboot back to normal mode.

Post the contents of C:\log.txt back here and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#11 Perfect Sin

Perfect Sin
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 18 May 2005 - 07:10 PM

Hey i found a .txt file right on my C: drive labled log.txt It might be the log pfind made or it might not, dunno, but i thought it wouldn't hurt to post it.


***** Start



Direct Parallel (parallel) rank:0

WAN Miniport (L2TP) (vpn) rank:0

WAN Miniport (L2TP) (vpn) rank:0

WAN Miniport (ATW) (irda) rank:0

WAN Miniport (ATW) (irda) rank:0

WAN Miniport (PPTP) (vpn) rank:0

WAN Miniport (PPTP) (vpn) rank:0

WAN Miniport (PPPOE) (pppoe) rank:2

Communications cable between two computers (modem) rank:4

Intel® 537EP V9x DF PCI Modem (modem) rank:4

Direct Parallel (parallel) rank:0

deviceno 9

Intel® 537EP V9x DF PCI Modem modem

***** End



***** Start



Direct Parallel (parallel) rank:0

WAN Miniport (L2TP) (vpn) rank:0

WAN Miniport (L2TP) (vpn) rank:0

WAN Miniport (ATW) (irda) rank:0

WAN Miniport (ATW) (irda) rank:0

WAN Miniport (PPTP) (vpn) rank:0

WAN Miniport (PPTP) (vpn) rank:0

WAN Miniport (PPPOE) (pppoe) rank:2

Communications cable between two computers (modem) rank:4

Intel® 537EP V9x DF PCI Modem (modem) rank:4

Direct Parallel (parallel) rank:0

deviceno 9

Intel® 537EP V9x DF PCI Modem modem

device Intel® 537EP V9x DF PCI Modem

deviceno 9

Intel® 537EP V9x DF PCI Modem modem

deviceno 9

Intel® 537EP V9x DF PCI Modem modem

deviceno 9

Intel® 537EP V9x DF PCI Modem modem

thread creating

Looking for programs...

no programs found

closing browser

setting limit 1800

entry creating IntexusDial

Intel® 537EP V9x DF PCI Modem modem

entry created

session ecddcd28.c81f.4995.a7f0.546de17462c8

dialing 090090001214

user: p2p-11066&ecddcd28.c81f.4995.a7f0.546de17462c8

pass:

dial failed 680

disconnecting

disconnected

entry deleting IntexusDial

entry deleted

short connection

thread terminated

closing browser

deviceno 9

Intel® 537EP V9x DF PCI Modem modem

***** End



***** Start



Direct Parallel (parallel) rank:0

WAN Miniport (L2TP) (vpn) rank:0

WAN Miniport (L2TP) (vpn) rank:0

WAN Miniport (ATW) (irda) rank:0

WAN Miniport (ATW) (irda) rank:0

WAN Miniport (PPTP) (vpn) rank:0

WAN Miniport (PPTP) (vpn) rank:0

WAN Miniport (PPPOE) (pppoe) rank:2

Communications cable between two computers (modem) rank:4

Intel® 537EP V9x DF PCI Modem (modem) rank:4

deviceno 9

Intel® 537EP V9x DF PCI Modem modem

deviceno 9

Intel® 537EP V9x DF PCI Modem modem

Direct Parallel (parallel) rank:0

WAN Miniport (L2TP) (vpn) rank:0

WAN Miniport (L2TP) (vpn) rank:0

WAN Miniport (ATW) (irda) rank:0

WAN Miniport (ATW) (irda) rank:0

WAN Miniport (PPTP) (vpn) rank:0

WAN Miniport (PPTP) (vpn) rank:0

WAN Miniport (PPPOE) (pppoe) rank:2

Communications cable between two computers (modem) rank:4

Intel® 537EP V9x DF PCI Modem (modem) rank:4

deviceno 9

Intel® 537EP V9x DF PCI Modem modem

deviceno 9

Intel® 537EP V9x DF PCI Modem modem

thread creating

Looking for programs...

no programs found

closing browser

setting limit 1800

entry creating IntexusDial

Intel® 537EP V9x DF PCI Modem modem

entry created

session 4ca87028.dc29.4a21.9816.0db46b4c42aa

dialing 090090001214

user: p2p-11066&4ca87028.dc29.4a21.9816.0db46b4c42aa

pass:

dial failed 680

disconnecting

disconnected

entry deleting IntexusDial

entry deleted

short connection

thread terminated

closing browser

old thread closed

thread creating

Looking for programs...

no programs found

closing browser

setting limit 1800

entry creating IntexusDial

Intel® 537EP V9x DF PCI Modem modem

entry created

session de5e87a0.7691.4c33.8714.5cf77cbbf6a5

dialing 090090001214

user: p2p-11066&de5e87a0.7691.4c33.8714.5cf77cbbf6a5

pass:

dial failed 680

disconnecting

disconnected

entry deleting IntexusDial

entry deleted

short connection

thread terminated

closing browser

***** End









I'm still have to run Find It s.zip though and i'll get back to you tomarrow.

Edited by Perfect Sin, 18 May 2005 - 07:11 PM.


#12 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:01 AM

Posted 18 May 2005 - 08:48 PM

Hey Perfect Sin. I don't know what that file is. If pfind made a log it would be c:\pfind.txt. I did talk to the author and got it changed so if you want to download it again you can use that. Otherwise just run the findit's.bat file. the information should be the same now.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#13 Perfect Sin

Perfect Sin
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 19 May 2005 - 05:33 AM

When I run the Findit's application i get the message prompt.

C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the application.

So it gives me the option to ignore or close this, but niether of them do anything and the same message pops back up whenever you hit one of the 2.

#14 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:01 AM

Posted 19 May 2005 - 11:07 AM

Hi Perfect Sin. It sounds like your autoexec.nt file is corrupted. Download xp_fix.exe and install it.

Now rerun the Findit's.bat file and post the results back here.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#15 Perfect Sin

Perfect Sin
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 20 May 2005 - 05:59 AM

I have two logs for you. The first one is the Ewido log (I got it to work), and the Find It S log.


Ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:49:47 AM, 5/20/2005
+ Report-Checksum: DD5B2798

+ Date of database: 5/19/2005
+ Version of scan engine: v3.0

+ Duration: 43 min
+ Scanned Files: 127179
+ Speed: 49.11 Files/Second
+ Infected files: 5
+ Removed files: 5
+ Files put in quarantine: 5
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: No

+ Scanned items:
C:\

+ Scan result:
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP9\A0000380.dll -> Spyware.MediaBack.a -> Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP9\A0000382.exe -> Spyware.VB.gc -> Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP9\A0000383.dll -> Spyware.Beginto.c -> Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP9\A0000384.dll -> Spyware.Beginto.c -> Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP9\A0000385.dll -> Spyware.Beginto.c -> Cleaned with backup


::Report End


Find It S

(This is a huge log file so good luck)


Microsoft Windows XP [Version 5.1.2600]
The current date is: Thu 05/19/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Todo Files found

Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM

Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
aurora Files found

Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM

Suspect's
Dont delete file's in the section without guidance
If any doubt back them up first

Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM

Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
lagitamate file's can/will show in this section.

Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Buddy file's
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM

SAHAgent Files found

Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Misc checks

Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM
Cannot execute C:\DOWNLO~1\FIND_IT__S\FIND-IT'S\XFIND.COM

Check for Windows\SYSTEM32\cache32_rtneg* folder.

Volume in drive C has no label.
Volume Serial Number is 5C11-AD90

Directory of C:\WINDOWS\SYSTEM32

05/09/2005 06:33 PM <DIR> cache32_rtneg3
0 File(s) 0 bytes
1 Dir(s) 204,971,778,048 bytes free
Checking for SAHAgent ico files.
Volume in drive C has no label.
Volume Serial Number is 5C11-AD90

Directory of C:\WINDOWS\system32

05/01/2005 01:04 AM 3,262 creditcard32123123123asdsa1.ico
05/01/2005 01:04 AM 4,286 greenmovie2313asaadsasfad.ico
05/01/2005 01:04 AM 3,262 kill popups.ico
05/01/2005 01:04 AM 4,286 mp3red51aads1.ico
05/01/2005 01:04 AM 2,238 red_kas21.ico
05/01/2005 01:04 AM 3,262 vh e2331.ico
6 File(s) 20,596 bytes
0 Dir(s) 204,971,778,048 bytes free

.

HKEY_CURRENT_USER\Software\aurora\AUC3n5trMsgSDisp
HKEY_CURRENT_USER\Software\aurora\AUL3a5stMotsSDay
HKEY_CURRENT_USER\Software\aurora\AUL3a5stSSChckin
HKEY_CURRENT_USER\Software\aurora\AUP3D5om
HKEY_CURRENT_USER\Software\aurora\AUB3D5om
HKEY_CURRENT_USER\Software\aurora\AUs3t5icky1S
HKEY_CURRENT_USER\Software\aurora\AUs3t5icky2S
HKEY_CURRENT_USER\Software\aurora\AUs3t5icky3S
HKEY_CURRENT_USER\Software\aurora\AUs3t5icky4S
HKEY_CURRENT_USER\Software\aurora\AUE3v5nt
HKEY_CURRENT_USER\Software\aurora\AUT3h5rshSBath
HKEY_CURRENT_USER\Software\aurora\AUT3h5rshSysSInf
HKEY_CURRENT_USER\Software\aurora\AUT3h5rshSCheckSIn
HKEY_CURRENT_USER\Software\aurora\AUT3h5rshSMots
HKEY_CURRENT_USER\Software\aurora\AUL3n5Title
HKEY_CURRENT_USER\Software\aurora\AU3N5a7tionSCode
HKEY_CURRENT_USER\Software\aurora\AUD3s5tSSEnd
HKEY_CURRENT_USER\Software\aurora\AUC3u5rrentSMode
HKEY_CURRENT_USER\Software\aurora\AUC3n5tFyl
HKEY_CURRENT_USER\Software\aurora\AUM3o5deSSync
HKEY_CURRENT_USER\Software\aurora\AUI3g5noreS
HKEY_CURRENT_USER\Software\aurora\AUC1o3d5eOfSFinalAd
HKEY_CURRENT_USER\Software\aurora\AUT3i5m7eOfSFinalAd
HKEY_CURRENT_USER\Software\aurora\AUI3d5OfSInst
HKEY_CURRENT_USER\Software\aurora\AUI3n5ProgSCab
HKEY_CURRENT_USER\Software\aurora\AUI3n5ProgSEx
HKEY_CURRENT_USER\Software\aurora\AUI3n5ProgSLstest
HKEY_CURRENT_USER\Software\aurora\AUS3t5atusOfSInst
HKEY_CURRENT_USER\Software\aurora\AUI3d5OfSDist
HKEY_CURRENT_USER\Software\_rtneg3\ccat
HKEY_CURRENT_USER\Software\_rtneg3\ffafid
HKEY_CURRENT_USER\Software\_rtneg3\uiuid
HKEY_CURRENT_USER\Software\_rtneg3\iinst
HKEY_CURRENT_USER\Software\_rtneg3\mmsgtim
HKEY_CURRENT_USER\Software\_rtneg3\llupdtim
HKEY_CURRENT_USER\Software\_rtneg3\tttimmm
HKEY_CURRENT_USER\Software\_rtneg3\4404
HKEY_CURRENT_USER\Software\_rtneg3\llmsgid
HKEY_CURRENT_USER\Software\_rtneg3\ppusid
HKEY_CURRENT_USER\Software\_rtneg3\llico
HKEY_CURRENT_USER\Software\_rtneg3\rets
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\2
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\297
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\267
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\9
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\268
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\13
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\14
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\15
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\16
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\17
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\18
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\19
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\20
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\21
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\22
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\23
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\24
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\26
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\266
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\31
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\32
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\33
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\34
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\35
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\36
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\37
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\38
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\39
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\40
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\41
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\42
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\43
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\44
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\45
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\46
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\47
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\48
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\49
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\50
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\51
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\52
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\53
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\54
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\55
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\56
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\57
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\58
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\59
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\60
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\61
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\62
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\63
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\64
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\65
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\66
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\67
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\68
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\69
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\70
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\71
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\72
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\73
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\74
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\75
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\76
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\77
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\78
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\79
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\80
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\81
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\82
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\83
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\84
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\85
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\86
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\87
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\88
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\89
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\90
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\91
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\92
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\93
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\94
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\95
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\96
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\97
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\98
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\99
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\100
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\101
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\102
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\103
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\104
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\105
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\106
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\107
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\108
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\109
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\110
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\111
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\112
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\113
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\114
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\115
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\116
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\117
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\118
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\119
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\120
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\121
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\122
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\123
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\124
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\125
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\126
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\127
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\128
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\129
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\130
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\131
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\132
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\133
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\134
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\135
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\136
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\137
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\138
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\139
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\140
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\141
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\142
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\143
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\144
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\145
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\146
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\147
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\148
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\149
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\150
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\151
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\152
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\153
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\154
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\155
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\156
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\157
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\158
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\159
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\160
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\161
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\162
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\163
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\164
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\165
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\166
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\167
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\168
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\169
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\170
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\171
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\172
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\173
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\174
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\175
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\176
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\177
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\178
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\179
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\180
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\181
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\182
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\183
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\184
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\185
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\186
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\187
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\188
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\189
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\190
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\191
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\192
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\193
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\194
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\195
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\196
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\197
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\198
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\199
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\200
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\201
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\202
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\203
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\204
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\205
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\206
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\207
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\208
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\209
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\210
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\211
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\212
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\213
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\214
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\215
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\216
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\217
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\218
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\219
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\220
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\221
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\222
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\223
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\224
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\225
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\226
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\227
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\228
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\229
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\230
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\231
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\232
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\233
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\234
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\235
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\236
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\237
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\238
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\239
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\240
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\241
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\242
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\243
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\244
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\245
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\246
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\247
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\248
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\249
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\250
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\251
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\252
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\253
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\254
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\255
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\256
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\257
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\258
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\259
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\261
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\262
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\263
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\264
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\265
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\270
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\271
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\272
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\273
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\274
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\275
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\276
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\277
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\278
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\279
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\280
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\281
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\282
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\283
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\284
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\285
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\286
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\287
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\288
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\289
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\290
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\291
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\292
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\293
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\294
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\295
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\296
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\298
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\299
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\300
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\301
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\302
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\303
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\304
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\305
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\306
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\307
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\308
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\309
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\310
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\311
HKEY_CURRENT_USER\Software\_rtneg3\eeennn\312
HKEY_CURRENT_USER\Software\_rtneg3\kkws\date
HKEY_CURRENT_USER\Software\_rtneg3\kkws\friendster
HKEY_CURRENT_USER\Software\_rtneg3\kkws\myspace
HKEY_CURRENT_USER\Software\_rtneg3\kkws\lavalife
HKEY_CURRENT_USER\Software\_rtneg3\kkws\match
HKEY_CURRENT_USER\Software\_rtneg3\kkws\craps
HKEY_CURRENT_USER\Software\_rtneg3\kkws\oprah
HKEY_CURRENT_USER\Software\_rtneg3\kkws\casino game
HKEY_CURRENT_USER\Software\_rtneg3\kkws\card gambling
HKEY_CURRENT_USER\Software\_rtneg3\kkws\music download sites
HKEY_CURRENT_USER\Software\_rtneg3\kkws\dating free
HKEY_CURRENT_USER\Software\_rtneg3\kkws\poker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\compare spyware removers
HKEY_CURRENT_USER\Software\_rtneg3\kkws\sex search
HKEY_CURRENT_USER\Software\_rtneg3\kkws\sexsearch
HKEY_CURRENT_USER\Software\_rtneg3\kkws\singles
HKEY_CURRENT_USER\Software\_rtneg3\kkws\single
HKEY_CURRENT_USER\Software\_rtneg3\kkws\americansingles
HKEY_CURRENT_USER\Software\_rtneg3\kkws\dates
HKEY_CURRENT_USER\Software\_rtneg3\kkws\matchmaking
HKEY_CURRENT_USER\Software\_rtneg3\kkws\hot or not
HKEY_CURRENT_USER\Software\_rtneg3\kkws\hotornot
HKEY_CURRENT_USER\Software\_rtneg3\kkws\drphil
HKEY_CURRENT_USER\Software\_rtneg3\kkws\sweepstakes
HKEY_CURRENT_USER\Software\_rtneg3\kkws\jackpot
HKEY_CURRENT_USER\Software\_rtneg3\kkws\gamesville
HKEY_CURRENT_USER\Software\_rtneg3\kkws\yahoo games
HKEY_CURRENT_USER\Software\_rtneg3\kkws\real arcade
HKEY_CURRENT_USER\Software\_rtneg3\kkws\uproar
HKEY_CURRENT_USER\Software\_rtneg3\kkws\realarcade
HKEY_CURRENT_USER\Software\_rtneg3\kkws\iwon
HKEY_CURRENT_USER\Software\_rtneg3\kkws\iwin
HKEY_CURRENT_USER\Software\_rtneg3\kkws\astology
HKEY_CURRENT_USER\Software\_rtneg3\kkws\bingo
HKEY_CURRENT_USER\Software\_rtneg3\kkws\bingos
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free bingo
HKEY_CURRENT_USER\Software\_rtneg3\kkws\online bingo
HKEY_CURRENT_USER\Software\_rtneg3\kkws\bingo online
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pay bingo
HKEY_CURRENT_USER\Software\_rtneg3\kkws\tournaments
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free games
HKEY_CURRENT_USER\Software\_rtneg3\kkws\keno
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pull tabs
HKEY_CURRENT_USER\Software\_rtneg3\kkws\internet bingo
HKEY_CURRENT_USER\Software\_rtneg3\kkws\bingomania
HKEY_CURRENT_USER\Software\_rtneg3\kkws\ibingo
HKEY_CURRENT_USER\Software\_rtneg3\kkws\bingo palace
HKEY_CURRENT_USER\Software\_rtneg3\kkws\cashmill
HKEY_CURRENT_USER\Software\_rtneg3\kkws\freebingo
HKEY_CURRENT_USER\Software\_rtneg3\kkws\dr. phil
HKEY_CURRENT_USER\Software\_rtneg3\kkws\reno
HKEY_CURRENT_USER\Software\_rtneg3\kkws\prizes
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spim
HKEY_CURRENT_USER\Software\_rtneg3\kkws\music downloads
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spam
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock trade
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock tip
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock symbol
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock strategy
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock split
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock share
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock screener
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock research
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock report
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock recommendation
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock quote
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock quotes
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock purchase
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock price
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock pick
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock options
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock newsletter
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock news
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock market
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock investments
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock investment tip
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock investment information
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock investment strategy
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock investment advice
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock investment
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock investing
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock information
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock history
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock guide
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock future
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock finance
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock exchange
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock dividend
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock chart
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock buying
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock certificate
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock broker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock analyzer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock advisor
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock advise
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock advice
HKEY_CURRENT_USER\Software\_rtneg3\kkws\smart investing
HKEY_CURRENT_USER\Software\_rtneg3\kkws\penny stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\penny software stock trading
HKEY_CURRENT_USER\Software\_rtneg3\kkws\penny pick
HKEY_CURRENT_USER\Software\_rtneg3\kkws\penny oil stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\over the counter stocks
HKEY_CURRENT_USER\Software\_rtneg3\kkws\penny gold stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\over the counter stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\otcbb.com
HKEY_CURRENT_USER\Software\_rtneg3\kkws\otc stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\otc
HKEY_CURRENT_USER\Software\_rtneg3\kkws\options exchange
HKEY_CURRENT_USER\Software\_rtneg3\kkws\online stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\online investment information
HKEY_CURRENT_USER\Software\_rtneg3\kkws\online investment advice
HKEY_CURRENT_USER\Software\_rtneg3\kkws\oil stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\money management
HKEY_CURRENT_USER\Software\_rtneg3\kkws\investment
HKEY_CURRENT_USER\Software\_rtneg3\kkws\investing
HKEY_CURRENT_USER\Software\_rtneg3\kkws\internet stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\hot stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stock tips
HKEY_CURRENT_USER\Software\_rtneg3\kkws\discount stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\discount rate stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\discount online stock trading
HKEY_CURRENT_USER\Software\_rtneg3\kkws\discount preferred rate stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\discount card stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\direct investing
HKEY_CURRENT_USER\Software\_rtneg3\kkws\daytrading technique
HKEY_CURRENT_USER\Software\_rtneg3\kkws\daytrading strategy
HKEY_CURRENT_USER\Software\_rtneg3\kkws\daytrading stocks
HKEY_CURRENT_USER\Software\_rtneg3\kkws\daytrading chatroom
HKEY_CURRENT_USER\Software\_rtneg3\kkws\daytrading
HKEY_CURRENT_USER\Software\_rtneg3\kkws\daytrader
HKEY_CURRENT_USER\Software\_rtneg3\kkws\daytrade
HKEY_CURRENT_USER\Software\_rtneg3\kkws\day traders
HKEY_CURRENT_USER\Software\_rtneg3\kkws\day trader
HKEY_CURRENT_USER\Software\_rtneg3\kkws\day trade
HKEY_CURRENT_USER\Software\_rtneg3\kkws\daily stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\cnn money
HKEY_CURRENT_USER\Software\_rtneg3\kkws\chat penny room stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\buy stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\broker comparison discount stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\broker discount
HKEY_CURRENT_USER\Software\_rtneg3\kkws\best stock pick
HKEY_CURRENT_USER\Software\_rtneg3\kkws\better investing
HKEY_CURRENT_USER\Software\_rtneg3\kkws\bond broker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\bond investing
HKEY_CURRENT_USER\Software\_rtneg3\kkws\best stock investment
HKEY_CURRENT_USER\Software\_rtneg3\kkws\best investment advice
HKEY_CURRENT_USER\Software\_rtneg3\kkws\best penny pick stock
HKEY_CURRENT_USER\Software\_rtneg3\kkws\best discount stock broker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\angel investing
HKEY_CURRENT_USER\Software\_rtneg3\kkws\american stock exchange
HKEY_CURRENT_USER\Software\_rtneg3\kkws\alternative investment
HKEY_CURRENT_USER\Software\_rtneg3\kkws\after hours trading
HKEY_CURRENT_USER\Software\_rtneg3\kkws\after hours stock trading
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stockoption
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stocks
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stocktrader
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stocktrading
HKEY_CURRENT_USER\Software\_rtneg3\kkws\strategy for stock investing
HKEY_CURRENT_USER\Software\_rtneg3\kkws\trading stock investment
HKEY_CURRENT_USER\Software\_rtneg3\kkws\nasdaq
HKEY_CURRENT_USER\Software\_rtneg3\kkws\nyse
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware nuker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pestpatrol
HKEY_CURRENT_USER\Software\_rtneg3\kkws\ilookup
HKEY_CURRENT_USER\Software\_rtneg3\kkws\anti spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware removers
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware removal tool
HKEY_CURRENT_USER\Software\_rtneg3\kkws\malware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spybots spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware removal downloads
HKEY_CURRENT_USER\Software\_rtneg3\kkws\stop spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware virus
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware detector
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware checker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\sbc spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\best spyware remover
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware search
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware blockers
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware removal program
HKEY_CURRENT_USER\Software\_rtneg3\kkws\bazooka spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\online spyware scan
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware cleaner
HKEY_CURRENT_USER\Software\_rtneg3\kkws\mcafee spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spybot spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\kill spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware sweeper
HKEY_CURRENT_USER\Software\_rtneg3\kkws\best spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\viewpoint media player spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware removal tool
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware downloads
HKEY_CURRENT_USER\Software\_rtneg3\kkws\delete spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\mac spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware begone
HKEY_CURRENT_USER\Software\_rtneg3\kkws\get rid of spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\yahoo spyware toolbar
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware removal program
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware share ware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware guard
HKEY_CURRENT_USER\Software\_rtneg3\kkws\removing spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware removers
HKEY_CURRENT_USER\Software\_rtneg3\kkws\detect spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware remover download
HKEY_CURRENT_USER\Software\_rtneg3\kkws\activation key spyware stormer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware protection
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware detector
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware program
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware removal software
HKEY_CURRENT_USER\Software\_rtneg3\kkws\internet washer spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware review
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free ware spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware download
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware scan
HKEY_CURRENT_USER\Software\_rtneg3\kkws\microsoft spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\giant spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware search and destroy
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware scan
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware detection
HKEY_CURRENT_USER\Software\_rtneg3\kkws\remove spyware free
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware software
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware eliminator
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware software removal
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware downloads
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware software
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware protection
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware scanner
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware download
HKEY_CURRENT_USER\Software\_rtneg3\kkws\yahoo spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\microsoft.com spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware stormer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware blaster
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware doctor
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware remover
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware removal
HKEY_CURRENT_USER\Software\_rtneg3\kkws\uninstall spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\trojans
HKEY_CURRENT_USER\Software\_rtneg3\kkws\uninstall adware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\active x
HKEY_CURRENT_USER\Software\_rtneg3\kkws\hacking
HKEY_CURRENT_USER\Software\_rtneg3\kkws\keyloggers
HKEY_CURRENT_USER\Software\_rtneg3\kkws\scumware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\dialers
HKEY_CURRENT_USER\Software\_rtneg3\kkws\parasites
HKEY_CURRENT_USER\Software\_rtneg3\kkws\data mining
HKEY_CURRENT_USER\Software\_rtneg3\kkws\toolbars
HKEY_CURRENT_USER\Software\_rtneg3\kkws\drive-by download
HKEY_CURRENT_USER\Software\_rtneg3\kkws\tracking cookies
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware registration keys
HKEY_CURRENT_USER\Software\_rtneg3\kkws\browser hijackers
HKEY_CURRENT_USER\Software\_rtneg3\kkws\browser hijack
HKEY_CURRENT_USER\Software\_rtneg3\kkws\nude
HKEY_CURRENT_USER\Software\_rtneg3\kkws\browser hijacking
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware and adware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free adware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware spyware removal tool
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware remover
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware com
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware removal
HKEY_CURRENT_USER\Software\_rtneg3\kkws\ad adware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free adware remover
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free adware removal
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free adware download
HKEY_CURRENT_USER\Software\_rtneg3\kkws\gator
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free adware remove
HKEY_CURRENT_USER\Software\_rtneg3\kkws\ad adware se
HKEY_CURRENT_USER\Software\_rtneg3\kkws\anti adware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware se personal
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\remove spyware adware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware free downloads
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware removal tool
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware scan
HKEY_CURRENT_USER\Software\_rtneg3\kkws\removing adware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\bargainbuddy
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware program
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware virus
HKEY_CURRENT_USER\Software\_rtneg3\kkws\eliminator
HKEY_CURRENT_USER\Software\_rtneg3\kkws\filter
HKEY_CURRENT_USER\Software\_rtneg3\kkws\clickalchemy
HKEY_CURRENT_USER\Software\_rtneg3\kkws\dealhelper
HKEY_CURRENT_USER\Software\_rtneg3\kkws\ezula
HKEY_CURRENT_USER\Software\_rtneg3\kkws\ad aware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adaware for mac
HKEY_CURRENT_USER\Software\_rtneg3\kkws\cydoor
HKEY_CURRENT_USER\Software\_rtneg3\kkws\remove adware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\no adware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free adware spyware remover
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free spyware adware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware software
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free adware software
HKEY_CURRENT_USER\Software\_rtneg3\kkws\180solutions
HKEY_CURRENT_USER\Software\_rtneg3\kkws\180 solutions
HKEY_CURRENT_USER\Software\_rtneg3\kkws\metrics direct
HKEY_CURRENT_USER\Software\_rtneg3\kkws\180metricsdirect
HKEY_CURRENT_USER\Software\_rtneg3\kkws\whenu
HKEY_CURRENT_USER\Software\_rtneg3\kkws\avenuemedia
HKEY_CURRENT_USER\Software\_rtneg3\kkws\avenue medias
HKEY_CURRENT_USER\Software\_rtneg3\kkws\avenue internet
HKEY_CURRENT_USER\Software\_rtneg3\kkws\internet optimizer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\coolwebsearch
HKEY_CURRENT_USER\Software\_rtneg3\kkws\panic ware pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popup eraser
HKEY_CURRENT_USER\Software\_rtneg3\kkws\window shades
HKEY_CURRENT_USER\Software\_rtneg3\kkws\antipopup
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popuppopper
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popsmarts
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popdown
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop-down
HKEY_CURRENT_USER\Software\_rtneg3\kkws\magickillah
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popupwar pro
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popoops
HKEY_CURRENT_USER\Software\_rtneg3\kkws\bannerzapper
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popup zero
HKEY_CURRENT_USER\Software\_rtneg3\kkws\amigo popup killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\emerald popstop
HKEY_CURRENT_USER\Software\_rtneg3\kkws\ad killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\mypopupkiller
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adshield
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popkiller
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popup block
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popup terminator
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop-under
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware blocker free pop up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\bar blocker pop tool up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free pop up blocker for window 95
HKEY_CURRENT_USER\Software\_rtneg3\kkws\msn toolbar pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\blocker edition free pop up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\blocker godzilla pop up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\messenger pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\blocker pop up verizon
HKEY_CURRENT_USER\Software\_rtneg3\kkws\blocker goggle pop up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\cox pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up blocker pro
HKEY_CURRENT_USER\Software\_rtneg3\kkws\ultimate pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\blocker pop stopzilla up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\google toolbar pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\super pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pow pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\mcafee pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\enable pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\Online Casino
HKEY_CURRENT_USER\Software\_rtneg3\kkws\blocker download google pop up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free pop up blocker trial
HKEY_CURRENT_USER\Software\_rtneg3\kkws\blocker free pop spyware up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\blocker pop smart up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\ie pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\remove pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\blocker internet pop up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\blocker free google pop up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\enigma pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\uninstall pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adware blocker pop up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\aim pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up blocker share ware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up blocker test
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up add blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\sbc yahoo pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up blocker review
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up blocker explorer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\panicware pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\earthlink pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\norton pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\blocker pop stop up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\turn off pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up blocker for window xp
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free pop up blocker downloads
HKEY_CURRENT_USER\Software\_rtneg3\kkws\spyware pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up blocker toolbar
HKEY_CURRENT_USER\Software\_rtneg3\kkws\sbc pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up blocker site ianandwendy.com
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up blocker downloads
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up blocker free ware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free popup pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\aol pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\window pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free pop up blocker software
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up spam blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\disable pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\yahoo tool bar pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\yahoo toolbar pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free msn pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\best pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up blocker software
HKEY_CURRENT_USER\Software\_rtneg3\kkws\microsoft pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\internet explorer pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\download pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\download yahoo pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free pop up ad blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop up ad blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free yahoo pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free pop up blocker download
HKEY_CURRENT_USER\Software\_rtneg3\kkws\google pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\msn pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\yahoo pop up blocker
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popunder
HKEY_CURRENT_USER\Software\_rtneg3\kkws\pop-up
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free popup killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\download free killer popup
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popup killer download
HKEY_CURRENT_USER\Software\_rtneg3\kkws\killer popup spyware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popup killer kopen
HKEY_CURRENT_USER\Software\_rtneg3\kkws\test popup killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\advies popup killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\popup ad killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\yahoo popup killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\brisbane city council popup killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free killer popup ware
HKEY_CURRENT_USER\Software\_rtneg3\kkws\ultimate popup killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\best popup killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free for life popup killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\hitware popup killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\free killer popup software
HKEY_CURRENT_USER\Software\_rtneg3\kkws\zero popup killer
HKEY_CURRENT_USER\Software\_rtneg3\kkws\ad free killer popup
HKEY_CURRENT_USER\Software\_rtneg3\kkws\adsgone killer popup
HKEY_CURRENT_USER\Software\_rtneg3\kkws\another ie killer popup
HKEY_CURRENT_USER\Software\_rtneg3\kkws\advanced killer popup
HKEY_CURRENT_USER\Software\_rtneg3\kkws\killer popup smart
HKEY_CURRENT_USER\Software\_rtneg3\kkws\killer msn popup
HKEY_CURRENT_USER\Software\_rtneg3\kkws\killer popup super
HKEY_CURRENT_USER\Software\_rtneg3\kkws\killer popup window
HKEY_CURRENT_USER\Soft




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users