HJT Log


13 replies to this topic

#1 XCLR8


Posted 30 August 2005 - 11:35 PM

Hello. I have Microsoft AntiVirus that blocks a file called:

bpkwb.dll

File Path -> C:\bpkwb.dll

It blocked it with me telling it to. Well and it takes about 5-10 minutes just to load up. I wanted to know how to get rid of this file and to show you if it shows it in this log. Also, I wanted to know if you can point out other things that should not be in my PC. Much is appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 12:26:48 AM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\bpk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SDWin32 Class - {2ACEE679-E0FB-4640-89E5-5C21338AB983} - C:\WINDOWS\system32\mvsik.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\David\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\system32\guarnset.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [bpk] C:\bpk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe
O4 - HKCU\..\Run: [Jo52RRN6P] dmorsru.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


#2 Guest_Cretemonster_*


Posted 03 September 2005 - 08:12 AM

Hi XCLR8 and Welcome to the Bleeping Computer!

Go to Add\Remove Programs and Remove

NetPumper

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!


Download Pocket KillBox from here:
http://www.atribune.org/downloads/KillBox_beta_.exe

Highlight the list below and press Ctrl+C to Copy!

C:\bpk.exe
C:\bpkwb.dll
C:\WINDOWS\dmorsru.exe
C:\WINDOWS\system32\dmorsru.exe
C:\WINDOWS\system32\mvsik.dll
C:\WINDOWS\system32\guarnset.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Common Files\mc-58-12-0000079-d.exe
C:\Documents and Settings\David\Local Settings\Temp\UIUCU.EXE -CLEAN_UP


Open Pocket Killbox-> Click File-> Click Paste from Clipboard!

Place a tick by Delete on Reboot-> Click the Red Circle to Delete!

Click Yes to the Prompts that follow and let Killbox Reboot the PC!


Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: SDWin32 Class - {2ACEE679-E0FB-4640-89E5-5C21338AB983} - C:\WINDOWS\system32\mvsik.dll

O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\David\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S

O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\system32\guarnset.exe

O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"

O4 - HKLM\..\Run: [bpk] C:\bpk.exe

O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe

O4 - HKCU\..\Run: [Jo52RRN6P] dmorsru.exe

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!


Make sure All Windows and Browsers are Closed and Scan the entire System with Ewido-> Clean all it Finds-> Be sure to Click the tab to Save a Report!


From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from WinPFind-> Ewido and Panda!
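
Added illustration, not part of Cretemonster's reply and not how HijackThis or any tool named in this thread works: the sketch below parses O4 registry Run lines like those in the first log and flags entries by location only (no directory, a drive root, or a temporary folder). The rules, function names and the choice of sample lines are assumptions made for this example.

```python
import ntpath  # Windows path semantics regardless of the host OS
import re

# Constructed sample: O4 lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\David\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\system32\guarnset.exe
O4 - HKLM\..\Run: [bpk] C:\bpk.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe
O4 - HKCU\..\Run: [Jo52RRN6P] dmorsru.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Registry autostart entries only; "Global Startup" shortcut lines are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Shortest prefix ending in an executable extension, so that unquoted
# paths containing spaces ("C:\Program Files\...") are kept whole.
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,]|$)", re.I)


def target_path(cmd):
    """Return the file an autostart command line actually loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
    else:
        m = EXE_RE.match(cmd)
        if not m:
            return cmd.split()[0]
        exe, rest = m.group(1), cmd[m.end():]
    # rundll32 is only a loader: the file of interest is the DLL argument.
    if ntpath.basename(exe).lower() == "rundll32.exe":
        m = EXE_RE.match(rest.strip())
        if m:
            return m.group(1)
    return exe


def reasons(path):
    """Location-based review hints (assumed rules, not a verdict)."""
    directory = ntpath.dirname(path.lower())
    found = []
    if not directory:
        found.append("no directory: resolved through the search path")
    elif re.fullmatch(r"[a-z]:\\?", directory):
        found.append("executable in a drive root")
    if re.search(r"\\(temp|tmp)(\\|$)", directory):
        found.append("runs from a temporary folder")
    return found


def triage(log_text):
    """Return (value name, target path, reasons) for each flagged Run entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = target_path(m["cmd"])
        why = reasons(path)
        if why:
            findings.append((m["name"], path, why))
    return findings


if __name__ == "__main__":
    for name, path, why in triage(SAMPLE_LOG):
        print(f"[{name}] {path}: {'; '.join(why)}")
```

On the sample this flags nwiz, UIUCU, bpk and Jo52RRN6P. The reply above leaves nwiz alone and does fix guarnset and DNS, which these rules pass, so the output is a shortlist for review rather than a removal list.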

#3 XCLR8


Posted 03 September 2005 - 09:42 PM

Geeze. I didn't expect the scanning to take long. lol Anyways, there's one thing I forgot to mention to you. I need that NetPumper. There's these shows my little nephew wants me to download for him. And well, let's just say I still have a few more to go. Enough of me yappin. Here's the goods. *Now I got a virus :thumbsup: *

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 10:27:38 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37240.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

WinPFind Log

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 5/3/2005 12:41:50 AM 65536 C:\WINDOWS\IFinst27.exe
qoologic 5/19/2005 9:20:46 AM 3912 C:\WINDOWS\mmork.dll
urllogic 5/19/2005 9:20:46 AM 3912 C:\WINDOWS\mmork.dll
abetterinternet.com 5/19/2005 9:20:46 AM 3912 C:\WINDOWS\mmork.dll

Checking %System% folder...
FSG! 5/17/2005 5:21:38 PM 398742 C:\WINDOWS\SYSTEM32\Chqxtck1.xml
UPX! 11/2/2001 12:45:50 PM 236032 C:\WINDOWS\SYSTEM32\devil.dll
PEC2 8/29/2002 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
FSG! 5/17/2005 6:15:42 PM 398742 C:\WINDOWS\SYSTEM32\Kvjtpvk1.xml
PECompact2 8/4/2005 9:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 9:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/3/2005 6:14:42 PM S 2048 C:\WINDOWS\bootstat.dat
7/8/2005 4:23:18 PM S 12143 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
9/3/2005 8:35:04 PM H 61440 C:\WINDOWS\system32\config\default.LOG
9/3/2005 6:14:50 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
9/3/2005 6:14:44 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
9/3/2005 8:41:24 PM H 200704 C:\WINDOWS\system32\config\software.LOG
9/3/2005 6:14:48 PM H 946176 C:\WINDOWS\system32\config\system.LOG
8/13/2005 4:12:44 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
7/10/2005 3:06:02 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\8675394d-78ef-421e-9f71-430cae6c9a6e
7/10/2005 3:06:02 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
9/3/2005 6:12:58 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/3/2005 3:52:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 7/28/2003 3:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Visioneer Inc 11/5/1998 3:48:08 PM R 28672 C:\WINDOWS\SYSTEM32\vipersti.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/1/2005 1:56:34 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
3/26/2004 10:35:56 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
3/26/2004 4:20:10 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
3/26/2004 10:35:56 PM HS 84 C:\Documents and Settings\David\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
3/26/2004 4:20:10 PM HS 62 C:\Documents and Settings\David\Application Data\desktop.ini
1/21/2005 12:51:54 AM 29080 C:\Documents and Settings\David\Application Data\GDIPFONTCACHEV1.DAT

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mmnsqmyt
{d5dd7d3f-4e30-48bb-874e-fdd9b170b4ce} = C:\WINDOWS\system32\ddkoa.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A646672-9C3A-4C28-9A7A-1FB0F63F28B6}
IE 4.x-6.x BHO for Internet Download Accelerator = C:\PROGRA~1\IDA\idaiehlp.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}
ButtonText = Internet Download Accelerator : C:\Program Files\IDA\ida.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
Synchronization Manager %SystemRoot%\system32\mobsync.exe /logon
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray C:\PROGRA~1\SYMANT~1\VPTray.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
WinampAgent C:\Program Files\Winamp\winampa.exe
NetPumper "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\msonsext.dll
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
gtuclmik.exe C:\WINDOWS\system\gtuclmik.exe
qgvolsn.exe C:\WINDOWS\system\qgvolsn.exe
eabelck.exe C:\WINDOWS\system\eabelck.exe
qotq.exe C:\WINDOWS\system\qotq.exe
vvkepxqfkx.exe C:\WINDOWS\system\vvkepxqfkx.exe
heldmbj.exe C:\WINDOWS\system\heldmbj.exe
ckunaip.exe C:\WINDOWS\system\ckunaip.exe
ukrvbcovv.exe C:\WINDOWS\system\ukrvbcovv.exe
wjakis.exe C:\WINDOWS\system\wjakis.exe
fnliiqjrdu.exe C:\WINDOWS\system\fnliiqjrdu.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINDOWS\System32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.3.5 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/3/2005 8:53:44 PM

Edited by XCLR8, 03 September 2005 - 09:44 PM.


#4 XCLR8

Posted 03 September 2005 - 09:56 PM

For some reason half my logs have been cut off in my previous post. o_O Anyways, here's the rest of the logs you wanted to see.

Ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:41:38 PM, 9/3/2005
+ Report-Checksum: 90A480AA

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKU\.DEFAULT\Software\LQ -> Dialer.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} -> Spyware.EliteBar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\.DEFAULT\Software\toolbar\UrlSearchHooks -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22B9A67D-E689-44B6-B775-0E8FE84B4F9B} -> Spyware.Hijacker.Generic : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} -> Spyware.EliteBar : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} -> Spyware.FizzleWizzle : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-1078081533-1383384898-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\LQ -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} -> Spyware.EliteBar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-18\Software\toolbar\UrlSearchHooks -> Spyware.WebSearch : Cleaned with backup
C:\bpkr.exe -> TrojanSpy.Perflogger.az : Cleaned with backup
:mozilla.25:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.26:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.27:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.31:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.33:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.89:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.90:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.91:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.92:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.102:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.103:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.104:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.110:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.124:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.126:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.129:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.130:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.132:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.133:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.134:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.136:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.137:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.138:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.139:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.140:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.141:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.142:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.143:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.165:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.166:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.167:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.168:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.169:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.178:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.206:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.207:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.212:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.213:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.214:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.215:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.216:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.229:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.230:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.231:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.237:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.238:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.242:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.245:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.246:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.249:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.250:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.251:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.268:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.273:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.274:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.289:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.290:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.291:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.292:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.293:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.294:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.319:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.320:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.321:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.322:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.323:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.324:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.326:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.332:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.339:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.341:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.342:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.343:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.344:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.345:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.346:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.349:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.350:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.351:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.352:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.353:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.379:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.382:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.383:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.384:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.385:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.390:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.393:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.394:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.402:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.403:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.416:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.417:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.418:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.419:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.420:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.421:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.435:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.437:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.438:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.439:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.441:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.451:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.452:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.453:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.454:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.463:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.464:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.465:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.466:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.474:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.479:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.482:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.507:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.522:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.544:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.545:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.546:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.548:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.556:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.560:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.569:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.623:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.624:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.633:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.636:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.637:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.647:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.648:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.650:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.651:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.652:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.671:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.675:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.677:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.678:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.684:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.712:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.713:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.714:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.739:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.745:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.749:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.750:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.751:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.804:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Adition : Cleaned with backup
:mozilla.805:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Adition : Cleaned with backup
:mozilla.834:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
:mozilla.835:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
:mozilla.836:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
:mozilla.837:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@adtrak[2].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\David\Local Settings\Temp\i3.tmp -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\David\Local Settings\Temp\mc-58-12-0000079-d.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Documents and Settings\David\Local Settings\Temp\RarSFX1\rinst.exe -> TrojanSpy.Perflogger.az : Cleaned with backup
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\2B2XO3SD\Norton_Internet_Security_v2005[1].zip/Symantec.Norton.Internet.Security.2005.Keygen-SSG.exe -> TrojanDropper.Delf.fd : Cleaned with backup
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\MNGN8P4P\n[1].dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\MNGN8P4P\stubinstaller5041[1].ex_ -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\R0SFDHK5\dnscatcher[1].exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\R0SFDHK5\optimize[1].exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\R0SFDHK5\power_remove[1].exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SPAJC5QN\diamond[1].cab/m67m.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SPAJC5QN\My404[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\David\My Documents\Other\Crack Searcher\Cracks\N\O\Norton_Internet_Security_2005_Keygen_by_SSG.zip/kgnis.exe -> TrojanDropper.Delf.fd : Cleaned with backup
C:\Documents and Settings\David\My Documents\Other\Crack Searcher\Cracks\N\O\Norton_Internet_Security_v2005.zip/Symantec.Norton.Internet.Security.2005.Keygen-SSG.exe -> TrojanDropper.Delf.fd : Cleaned with backup
C:\Documents and Settings\David\My Documents\Other\Crack Searcher\cracksearcher.exe -> Not-A-Virus.HackTool.CrackSearch.a : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\4E0C3092-F46C-4355-A328-AE8EA0\1707F09E-87A8-4C3D-AABF-DD4D09 -> Trojan.Pakes : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\77B8E789-42EA-441A-B3A3-701289\769BE575-2B2C-4362-B8B3-92BDE3 -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7BE08755-3366-4FEC-B17E-69690B\DB3B832F-6907-451D-BAB0-7573ED -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\My404.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\system@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\WINDOWS\system32\hjanefr.vxd -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\nwzqo.dll -> Spyware.Adstart : Cleaned with backup
F:\Programs\Photoshop CS\photoshop.rar/qna.exe -> TrojanDownloader.INService.ao : Error during cleaning
F:\Programs\Crack Searcher\cracksearcher.exe -> Not-A-Virus.HackTool.CrackSearch.a : Cleaned with backup


::Report End

Panda Log


Incident Status Location

Spyware:spyware/surfsidekick No disinfected C:\DOCUMENTS AND SETTINGS\DAVID\LOCAL SETTINGS\TEMPORARY INTERNET FILES\Ssk.log
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Spyware:spyware/searchcentrix No disinfected Windows Registry
Virus:Trj/Keylog.BR Disinfected C:\bpkhk.dll
Spyware:Spyware/ISTBar No disinfected C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-4f4dd4ac.zip[InstallerApplet.class]
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\David\Local Settings\Temp\mc-58-12-0000079-m.exe
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\MNGN8P4P\maxifiles[1].exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8LMFS1EF\drugs-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C12Z8LAR\dating-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C9MZKXUR\fav-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5

Edited by XCLR8, 03 September 2005 - 09:58 PM.


#5 Guest_Cretemonster_*

Posted 04 September 2005 - 04:23 AM

Sorry for all the Scanning, but as you will see it's all well worth it!

Now as long as stuff like this is on the PC, you will be getting reinfected soon!

C:\Documents and Settings\David\My Documents\Other\Crack Searcher\Cracks\N\O\Norton_Internet_Security_v2005.zip/Symantec.Norton.Internet.Security.2005.Keygen-SSG.exe

F:\Programs\Photoshop CS\photoshop.rar/qna.exe

F:\Programs\Crack Searcher\cracksearcher.exe

I recommend getting rid of all this kind of stuff, it can only bring more trouble!!

Make sure to get Ewido Updated!

Download and install CleanUp!

Attached is a reg file, download it to the desktop but don't run it just yet!

Highlight the list below and press Ctrl+C to Copy!

C:\bpkhk.dll
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\mmork.dll
C:\WINDOWS\cfgmgr52
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\SYSTEM32\Chqxtck1.xml
C:\WINDOWS\SYSTEM32\Kvjtpvk1.xml
C:\WINDOWS\system32\ddkoa.dll
C:\WINDOWS\system\gtuclmik.exe
C:\WINDOWS\system\qgvolsn.exe
C:\WINDOWS\system\eabelck.exe
C:\WINDOWS\system\qotq.exe
C:\WINDOWS\system\vvkepxqfkx.exe
C:\WINDOWS\system\heldmbj.exe
C:\WINDOWS\system\ckunaip.exe
C:\WINDOWS\system\ukrvbcovv.exe
C:\WINDOWS\system\wjakis.exe
C:\WINDOWS\system\fnliiqjrdu.exe
C:\Program Files\AWS
C:\DOCUMENTS AND SETTINGS\DAVID\LOCAL SETTINGS\TEMPORARY INTERNET FILES\Ssk.log
C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-4f4dd4ac.zip[InstallerApplet.class]
C:\Documents and Settings\David\Local Settings\Temp\mc-58-12-0000079-m.exe
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\MNGN8P4P\maxifiles[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8LMFS1EF\drugs-ico[1].bmp
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C12Z8LAR\dating-ico[1].bmp
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C9MZKXUR\fav-ico[1].bmp
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OXIRKPAV\casino-ico[1].bmp


Open Pocket Killbox-> Click File-> Click Paste from Clipboard!

Place a tick by Delete on Reboot-> Click the Red Circle to Delete!

Click Yes to the Prompts that follow and let Killbox Reboot the PC!

Restart in Safe Mode!

Once in Safe Mode, Locate and Double Click rem.reg and allow it to merge into the registry!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Scan the System once more with Ewido just as you did before and Save the Report!

Restart Normal and have the PC Scanned here:
F-Secure


Post back with a fresh HijackThis log and the reports from Ewido and F-Secure!
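
The triage behind the reply above, as an added example that is not part of the original thread: a Python parser for the Ewido report format posted earlier (`path -> detection : result`) that separates tracking cookies from file detections and lists the items that were not cleaned or that sit inside archives. The sample lines are copied from that report; the function and field names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Lines copied verbatim from the Ewido report posted in this thread.
SAMPLE_REPORT = r"""
:mozilla.242:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.249:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ak7b9il4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@adtrak[2].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\David\Local Settings\Temp\RarSFX1\rinst.exe -> TrojanSpy.Perflogger.az : Cleaned with backup
C:\Documents and Settings\David\My Documents\Other\Crack Searcher\Cracks\N\O\Norton_Internet_Security_v2005.zip/Symantec.Norton.Internet.Security.2005.Keygen-SSG.exe -> TrojanDropper.Delf.fd : Cleaned with backup
C:\WINDOWS\system32\hjanefr.vxd -> Trojan.Painwin.a : Cleaned with backup
F:\Programs\Photoshop CS\photoshop.rar/qna.exe -> TrojanDownloader.INService.ao : Error during cleaning
F:\Programs\Crack Searcher\cracksearcher.exe -> Not-A-Virus.HackTool.CrackSearch.a : Cleaned with backup

::Report End
"""

LINE_RE = re.compile(
    r"^(?::mozilla\.(?P<cookie_idx>\d+):)?"  # optional Firefox cookie index
    r"(?P<path>.+?) -> "                      # scanned object
    r"(?P<name>\S+) : "                       # detection name
    r"(?P<status>.+)$"                        # result of the cleaning action
)


@dataclass
class Detection:
    path: str                      # file, or the archive that holds it
    archive_member: Optional[str]  # name inside the archive, if any
    name: str
    status: str

    @property
    def is_cookie(self) -> bool:
        return self.name.startswith("Spyware.Cookie.")

    @property
    def family(self) -> str:
        # First dotted component, e.g. "TrojanDownloader".
        return self.name.split(".", 1)[0]

    @property
    def cleaned(self) -> bool:
        return self.status.lower().startswith("cleaned")


def parse_report(text):
    """Return (detections, skipped_lines) for an Ewido-style report."""
    detections, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)  # headers, "::Report End", truncated lines
            continue
        # Windows paths never contain "/", so the first one marks the
        # boundary between an archive and the member that was flagged.
        container, sep, member = m["path"].partition("/")
        detections.append(
            Detection(container, member if sep else None,
                      m["name"], m["status"].strip())
        )
    return detections, skipped


def triage(detections):
    """Split cookie noise from file detections and surface what needs work."""
    files = [d for d in detections if not d.is_cookie]
    return {
        "cookies": sum(d.is_cookie for d in detections),
        "families": Counter(d.family for d in files),
        # Anything the scanner could not clean still needs manual removal.
        "uncleaned": [d for d in files if not d.cleaned],
        # A flagged member means the whole archive is suspect, even when
        # the scanner reports the member itself as cleaned.
        "in_archives": [d for d in files if d.archive_member],
    }


if __name__ == "__main__":
    found, ignored = parse_report(SAMPLE_REPORT)
    result = triage(found)
    print("tracking cookies:", result["cookies"])
    for family, count in result["families"].most_common():
        print(f"{family}: {count}")
    for d in result["uncleaned"]:
        print("NOT CLEANED:", d.path, d.archive_member, d.name)
    for d in result["in_archives"]:
        print("ARCHIVE:", d.path, "->", d.archive_member)
```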

#6 XCLR8

Posted 04 September 2005 - 02:11 PM

VirtuaNews Message
You do not have permission to do this action. If you think you should do, please contact the webmaster.

That's what I see when I click the link to download the CleanUp. So now what? I can't do what you want me to do until I get this program...right? :thumbsup: Damn, I hope you got another place to get this. I WAS going to google search it, but I might get to a web site that's not clean. o_O I'm waiting for the next set of orders. :flowers:

Edited by XCLR8, 04 September 2005 - 02:12 PM.


#7 Guest_Cretemonster_*

Posted 04 September 2005 - 02:59 PM

Sorry about that!

Here is the primary link
http://downloads.stevengould.org/cleanup/CleanUp40.exe

#8 XCLR8

Posted 05 September 2005 - 10:11 PM

Damn it. Nothing but problems coming from my computer. :thumbsup: When I paste from the list you just gave me, it pastes all what I copied into Pocket Killbox, but not all. The first one:

C:\bpkhk.dll

When it is pasted in the list, it shows this instead:

C:\

All the others are there looking normal, but I do not know why the first one on the list doesn't paste correctly in Kill box. Do I go ahead and delete the list, then restart normally, and then come back to it and delete remaining file? Also, what do you mean by this:

"Once in Safe Mode, Locate and Double Click rem.reg and allow it to merge into the registry!"

Did you want me to skip that and go straight to opening up CleanUp? I'm waiting for the next set of orders.

Edited by XCLR8, 05 September 2005 - 10:14 PM.


#9 Guest_Cretemonster_*

Posted 06 September 2005 - 05:42 AM

Go ahead and Paste all the others in and then go manually delete the other!

Sorry for not attaching that reg file last time! :thumbsup:

Attached Files

  • Attached File  rem.reg   407bytes   8 downloads


#10 XCLR8

Posted 06 September 2005 - 01:41 PM

Another problem before cleaning. When I pasted this:

C:\WINDOWS\system32\ddkoa.dll
C:\WINDOWS\system\gtuclmik.exe
C:\WINDOWS\system\qgvolsn.exe
C:\WINDOWS\system\eabelck.exe
C:\WINDOWS\system\qotq.exe
C:\WINDOWS\system\vvkepxqfkx.exe
C:\WINDOWS\system\heldmbj.exe
C:\WINDOWS\system\ckunaip.exe
C:\WINDOWS\system\ukrvbcovv.exe
C:\WINDOWS\system\wjakis.exe
C:\WINDOWS\system\fnliiqjrdu.exe

All of them look like this:

C:\WINDOWS\system

When I manually typed it in, and when I click on show file properties, I get an error looking like this:

Posted Image

So I guess the files aren't there for the windows directory and "C:\bpkhk.dll", because I get this window error when I type it in and click on properties. Now what?

Edited by XCLR8, 06 September 2005 - 01:42 PM.


#11 Guest_Cretemonster_*

Posted 07 September 2005 - 05:30 AM

OK, now that's progress and you are exactly right, if Killbox says the file doesn't exist, well then, the file doesn't exist!

Update Ewido and Scan in Safe Mode and Save the log!

Restart Normal and Scan at the F-Secure Site and let's see what we see!

#12 XCLR8

Posted 07 September 2005 - 03:13 PM

F Secure Online Scanner

Posted Image

Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 4:04:02 PM, on 9/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37240.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Ewido Log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:48:40 PM, 9/7/2005
+ Report-Checksum: 5D9B750D

+ Scan result:

No infected objects found.


::Report End

Alright there tough guy, give me good news man. :thumbsup: Also, how can I protect myself, IF netpumper starts to be a pain. I doubt it will because nothing happened to me when I had that around. But you may never know, just in case. I have an antivirus program called "Symantec Anti-Virus Corporate Edition v9," is this program good? I know I need a firewall as well, but I do not know which one to pick out of the list this forum shows me. You're the man of the hour, which one do you suggest in me getting? Let me know if there is anything else to do. :flowers:

*By the way, that CleanUp cleared out 822.6MB!!!!* O_O

Edited by XCLR8, 07 September 2005 - 03:23 PM.


#13 Guest_Cretemonster_*

Posted 08 September 2005 - 05:44 AM

Now that's what I wanted to see!

If it were me and I needed a free Antivirus that did its job as well as the others, it would be one of these

AVG
http://www.grisoft.com/doc/40/lng/us/tpl/tpl01

Antivir
http://www.free-av.com/

BitDefender Free Edition v7
http://www.bitdefender.com/bd/site/products.php?p_id=24


Free Firewalls

Kerio Personal Firewall
http://www.kerio.com/kpf_home.html

Sygate Personal Firewall:
http://smb.sygate.com/products/spf_standard.htm


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Made Easy
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup!

Go ahead and remove any of the tools downloaded that are of no use anymore!

Post back and let me know how things are?

#14 XCLR8

Posted 08 September 2005 - 07:59 PM

Thanks man. You helped me out A LOT. Is it ok that I can PM you instead of replying here? Thanks again.



