Winlogon.exe Problem! Using 100% Of Cpu


  • This topic is locked
22 replies to this topic

#1 josh7g

Posted 21 April 2006 - 02:24 PM

My computer keeps on freezing every 3-4 minutes and I found out that it's winlogon.exe causing it. I don't know why, but it's really irritating.

Here is my HJT log. Would appreciate it if you can solve my problem (and other stuff I'm not aware of)

Thanks! :thumbsup:

---------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:35:13 PM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Josh2\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\mvlml9311.dll (file missing)
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


#2 Guest_Cretemonster_*


Posted 22 April 2006 - 04:36 AM

Hi josh7g and Welcome to the Bleeping Computer!

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

#3 josh7g


Posted 22 April 2006 - 06:56 PM

Ok, here is my new log for the Look2Me Destroyer:

--------------------------------------------------------

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 4/22/2006 6:27:10 PM

Infected! C:\WINDOWS\system32\mvlml9311.dll

Attempting to delete infected files...

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AD46F133-A202-48F4-A9F0-B5699B83F561}"
HKCR\Clsid\{AD46F133-A202-48F4-A9F0-B5699B83F561}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E29576F8-B429-4A2E-AF4F-F5A00E980D5F}"
HKCR\Clsid\{E29576F8-B429-4A2E-AF4F-F5A00E980D5F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6D2E15C2-6481-4C36-B5D9-499D18071986}"
HKCR\Clsid\{6D2E15C2-6481-4C36-B5D9-499D18071986}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{139DB91B-795E-4A42-9446-2E9809B6075C}"
HKCR\Clsid\{139DB91B-795E-4A42-9446-2E9809B6075C}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6BD5B0D7-CE00-4BF3-BD14-7EC2B6B1D753}"
HKCR\Clsid\{6BD5B0D7-CE00-4BF3-BD14-7EC2B6B1D753}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{15DC4AF5-2649-468F-A5D3-9BD603005433}"
HKCR\Clsid\{15DC4AF5-2649-468F-A5D3-9BD603005433}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

---------------------------------------------------------------------
This is my new Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 6:54:11 PM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1145678721\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Josh2\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145678721\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 josh7g


Posted 22 April 2006 - 08:40 PM

It's still causing winlogon.exe to use 100% CPU, after I did what you said.

#5 Guest_Cretemonster_*


Posted 23 April 2006 - 03:08 AM

My last post was directed towards the Look2me Infection you had which is now gone, now we can get rid of the other Winlogon Hook.


Download WinPFind to your C Drive.
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    winrkq32.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab

O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -


O19 - User stylesheet: (file missing)

O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the reports from WinPFind and Panda
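
Added example (not part of the original thread or of any tool mentioned in it): a Python script that compares the O20 "Winlogon Notify" entries of the two HijackThis logs posted above, showing which hook the first cleanup removed and which ones persist. The function names and the `reviewed` set are assumptions made for illustration; here `reviewed` holds `igfxcui`, the one O20 entry not selected for fixing in the post above.

```python
import re

# O20 lines copied from the first two HijackThis logs in this thread
# (before and after the Look2Me-Destroyer run).
LOG_BEFORE = r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\mvlml9311.dll (file missing)
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

LOG_AFTER = r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Line shape as it appears in the logs above:
#   O20 - Winlogon Notify: <subkey name> - <dll> [(file missing)]
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def parse_o20(log_text):
    """Return {subkey name: (dll path, file_missing)} for every O20 line."""
    entries = {}
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries[m["name"]] = (m["dll"], m["missing"] is not None)
    return entries


def diff_o20(before, after):
    """Compare two parsed logs by Notify subkey name."""
    by_name = str.lower
    return {
        "removed": sorted(before.keys() - after.keys(), key=by_name),
        "added": sorted(after.keys() - before.keys(), key=by_name),
        "persisting": sorted(before.keys() & after.keys(), key=by_name),
    }


def triage(entries, reviewed):
    """Label each entry for follow-up.

    'orphaned' - HijackThis reported the DLL as missing, so only the
                 registry entry is left behind
    'reviewed' - name is in the caller-supplied set of vetted entries
                 (an assumption of this example, not a HijackThis feature)
    'review'   - DLL present and not yet vetted: needs a closer look
    """
    labels = {}
    for name, (_dll, missing) in entries.items():
        if missing:
            labels[name] = "orphaned"
        elif name in reviewed:
            labels[name] = "reviewed"
        else:
            labels[name] = "review"
    return labels


if __name__ == "__main__":
    before, after = parse_o20(LOG_BEFORE), parse_o20(LOG_AFTER)
    for kind, names in diff_o20(before, after).items():
        print(f"{kind:>10}: {', '.join(names) or '-'}")
    for name, label in triage(after, reviewed={"igfxcui"}).items():
        print(f"{label:>10}: {name} -> {after[name][0]}")
```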

#6 josh7g


Posted 24 April 2006 - 12:07 PM

Ok, here it goes:

---------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:03:09 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1145678721\ee\AOLSoftware.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Josh2\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145678721\ee\AOLSoftware.exe
O4 - HKLM\..\RunOnce: [Panda_cleaner_254364] C:\WINDOWS\system32\ActiveScan\pavdr.exe xPanda ActiveScan 254364
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--------------------------------------------------------------

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...
PTech 4/11/2004 3:00:54 AM H 2833874 C:\kyf.dat

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 5/7/2004 6:42:10 PM 89746 C:\WINDOWS\iaxclient.dll
PTech 12/12/1989 11:10:10 AM 736240 C:\WINDOWS\khdmxij.exe_tobedeleted

Checking %System% folder...
UPX! 2/10/2006 4:05:54 PM 45568 C:\WINDOWS\SYSTEM32\002kla3c.dll
UPX! 5/7/2004 6:42:10 PM 222208 C:\WINDOWS\SYSTEM32\actskn43.ocx
UPX! 10/11/2002 11:03:06 AM 120832 C:\WINDOWS\SYSTEM32\avisynth.dll
PEC2 8/29/2002 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PEC2 9/28/2005 4:29:14 PM 693248 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 9/28/2005 4:29:14 PM 693248 C:\WINDOWS\SYSTEM32\DivX.dll
UPX! 1/13/2005 10:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com
PECompact2 4/6/2006 12:48:40 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/6/2006 12:48:40 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 1/18/2006 4:19:02 PM 84480 C:\WINDOWS\SYSTEM32\nsz30F.dll
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 12/15/2004 10:26:34 AM 58368 C:\WINDOWS\SYSTEM32\SiKernel.dll
UPX! 1/20/2005 2:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe
winsync 8/29/2002 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts

qoologic 2/10/2006 4:07:28 PM 283204 C:\WINDOWS\SYSTEM32\drivers\ETC\hosts.bak
urllogic 2/10/2006 4:07:28 PM 283204 C:\WINDOWS\SYSTEM32\drivers\ETC\hosts.bak

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
4/24/2006 10:42:52 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
4/21/2006 11:31:36 AM H 54156 C:\WINDOWS\QTFont.qfn
3/27/2006 11:48:58 AM RHS 409600 C:\WINDOWS\SYSTEM32\??ool32.exe
3/22/2006 6:17:30 PM S 14054 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
3/23/2006 1:15:38 AM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
3/13/2006 4:45:34 PM S 7898 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
3/17/2006 4:24:26 AM S 12455 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
3/30/2006 5:03:56 AM S 22339 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
4/24/2006 10:42:38 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
4/24/2006 10:43:22 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
4/24/2006 10:42:54 AM H 12288 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
4/24/2006 10:48:46 AM H 282624 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
4/24/2006 10:43:02 AM H 999424 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
4/15/2006 12:27:26 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
3/22/2006 6:59:54 AM S 7652 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
3/22/2006 6:59:54 AM S 134 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
4/24/2006 10:41:12 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 5/8/2003 7:25:18 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Creative Technology Ltd. 3/30/2001 2:00:00 AM 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl
Creative Technology Ltd. 2/21/2002 1:00:00 AM 212992 C:\WINDOWS\SYSTEM32\CTDevCtrl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 10/19/2005 8:59:12 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\DLLCACHE\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\DLLCACHE\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\DLLCACHE\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\DLLCACHE\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155648 C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 1/23/2005 10:33:44 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/3/2002 9:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
8/23/2003 11:26:54 PM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
3/3/2006 7:59:36 PM 1648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 8:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
12/8/2003 10:40:46 PM 6 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
10/14/2005 8:02:02 PM 1759 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
9/3/2002 9:00:00 AM HS 84 C:\Documents and Settings\Josh2\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 8:50:46 AM HS 62 C:\Documents and Settings\Josh2\Application Data\DESKTOP.INI
9/1/2005 3:11:16 PM 64960 C:\Documents and Settings\Josh2\Application Data\GDIPFONTCACHEV1.DAT

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
sv1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{502C3BA4-2C3E-4317-BC29-C0445E82B1F9}
PaltalkWebLogin = C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Dell AIO Printer A920 "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
diagent "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
Creative WebCam Tray C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
HostManager C:\Program Files\Common Files\AOL\1145678721\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Yahoo! Pager "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\bhoreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun _

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 4/24/2006 10:58:10 AM

--------------------------------------------------------------------


Incident Status Location

Virus:Trj/Downloader.HQM Disinfected Operating system
Adware:adware program Not disinfected c:\windows\system32\key.~
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall7_22.exe
Adware:adware/dollarrevenue Not disinfected c:\windows\winsysupd41.dat
Adware:adware/commad Not disinfected c:\documents and settings\localservice\application data\NetMon
Adware:adware/wintools Not disinfected Windows Registry
Adware:adware/searchresults Not disinfected Windows Registry
Adware:adware/shoppingcommunity Not disinfected Windows Registry
Spyware:spyware/safesurf Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.2o7.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[statse.webtrendslive.com/S0014-01-1-17-218931-48461]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@ads.pointroll[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@atwola[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@casalemedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@com[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@doubleclick[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@entrepreneur[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@fastclick[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@mediaplex[1].txt
Spyware:Cookie/Mp3search Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@mp3search[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@realmedia[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@www.burstbeacon[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Cindy2_2\My Documents\l2mfix\Process.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/hc/80570461]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/hc/80570461]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/hc/50209978]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.overture.com/]

#7 Guest_Cretemonster_*

Posted 24 April 2006 - 05:26 PM

Go back to Safe Mode and open Pocket KillBox.

Copy and paste each entry below, one at a time, into Killbox.

C:\WINDOWS\SYSTEM32\nsz30F.dll
C:\WINDOWS\SYSTEM32\SiKernel.dll
C:\WINDOWS\SYSTEM32\002kla3c.dll
c:\windows\system32\key.~
C:\WINDOWS\SYSTEM32\drivers\ETC\hosts.bak
C:\WINDOWS\khdmxij.exe_tobedeleted
c:\windows\NDNuninstall7_22.exe
c:\windows\winsysupd41.dat
C:\kyf.dat
c:\documents and settings\localservice\application data\NetMon


As you paste each entry in, place a tick by these selections when available:

"Standard File Delete"

"Unregister .dll before deleting"

Once all are deleted, scan once more with WinPFind.

Restart in Normal Mode and post the WinPFind log and the Panda log again; it got cut off in the last post.

Also, once restarted, scan fresh with HijackThis and post those results.

#8 josh7g

Posted 24 April 2006 - 07:16 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:55:30 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1145678721\ee\AOLSoftware.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Josh2\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145678721\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

----------------------------------------

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 5/7/2004 6:42:10 PM 89746 C:\WINDOWS\iaxclient.dll

Checking %System% folder...
UPX! 5/7/2004 6:42:10 PM 222208 C:\WINDOWS\SYSTEM32\actskn43.ocx
UPX! 10/11/2002 11:03:06 AM 120832 C:\WINDOWS\SYSTEM32\avisynth.dll
PEC2 8/29/2002 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PEC2 9/28/2005 4:29:14 PM 693248 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 9/28/2005 4:29:14 PM 693248 C:\WINDOWS\SYSTEM32\DivX.dll
UPX! 1/13/2005 10:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com
PECompact2 4/6/2006 12:48:40 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/6/2006 12:48:40 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 1/20/2005 2:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe
winsync 8/29/2002 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
4/24/2006 6:38:28 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
4/21/2006 11:31:36 AM H 54156 C:\WINDOWS\QTFont.qfn
3/27/2006 11:48:58 AM RHS 409600 C:\WINDOWS\SYSTEM32\??ool32.exe
3/22/2006 6:17:30 PM S 14054 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
3/23/2006 1:15:38 AM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
3/13/2006 4:45:34 PM S 7898 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
3/17/2006 4:24:26 AM S 12455 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
3/30/2006 5:03:56 AM S 22339 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
4/24/2006 6:38:16 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
4/24/2006 6:38:54 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
4/24/2006 6:38:30 PM H 12288 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
4/24/2006 6:41:22 PM H 114688 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
4/24/2006 6:38:38 PM H 1052672 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
4/15/2006 12:27:26 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
3/22/2006 6:59:54 AM S 7652 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
3/22/2006 6:59:54 AM S 134 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
4/24/2006 6:37:18 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 5/8/2003 7:25:18 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Creative Technology Ltd. 3/30/2001 2:00:00 AM 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl
Creative Technology Ltd. 2/21/2002 1:00:00 AM 212992 C:\WINDOWS\SYSTEM32\CTDevCtrl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 10/19/2005 8:59:12 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\DLLCACHE\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\DLLCACHE\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\DLLCACHE\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\DLLCACHE\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155648 C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 1/23/2005 10:33:44 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/3/2002 9:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
8/23/2003 11:26:54 PM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
3/3/2006 7:59:36 PM 1648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 8:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
12/8/2003 10:40:46 PM 6 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
10/14/2005 8:02:02 PM 1759 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
9/3/2002 9:00:00 AM HS 84 C:\Documents and Settings\Josh2\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 8:50:46 AM HS 62 C:\Documents and Settings\Josh2\Application Data\DESKTOP.INI
9/1/2005 3:11:16 PM 64960 C:\Documents and Settings\Josh2\Application Data\GDIPFONTCACHEV1.DAT

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
sv1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{502C3BA4-2C3E-4317-BC29-C0445E82B1F9}
PaltalkWebLogin = C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Dell AIO Printer A920 "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
diagent "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
Creative WebCam Tray C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
HostManager C:\Program Files\Common Files\AOL\1145678721\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Yahoo! Pager "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\bhoreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun _

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrkq32
= winrkq32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 4/24/2006 6:51:53 PM

-----------------------------------------------------------


Incident Status Location

Adware:adware/dollarrevenue Not disinfected c:\windows\winsysupd51.dat
Adware:adware/wintools Not disinfected Windows Registry
Adware:adware/searchresults Not disinfected Windows Registry
Adware:adware/shoppingcommunity Not disinfected Windows Registry
Spyware:spyware/safesurf Not disinfected Windows Registry
Adware:Adware/2Z0o Not disinfected C:\!KillBox\khdmxij.exe_tobedeleted
Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall7_22.exe
Adware:Adware/PopupSearches Not disinfected C:\!KillBox\nsz30F.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.2o7.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[statse.webtrendslive.com/S0014-01-1-17-218931-48461]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@atwola[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@com[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@doubleclick[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@entrepreneur[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@fastclick[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@mediaplex[1].txt
Spyware:Cookie/Mp3search Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@mp3search[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@realmedia[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@www.burstbeacon[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Cindy2_2\My Documents\l2mfix\Process.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/hc/80570461]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/hc/80570461]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/hc/50209978]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.overture.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adserver

#9 Guest_Cretemonster_*


Posted 24 April 2006 - 07:32 PM

Whoops, I asked for too many logs again! :thumbsup:

Panda log got zapped again, just post it alone in a reply by itself.

I need you to be sure Windows is Showing Hidden Files
http://www.bleepingcomputer.com/tutorials/...al62.html#winxp

Navigate to the System32 Folder--> C:\WINDOWS\SYSTEM32

Tell me if you see any files with the name--> Spool32.exe

If so, right-click all instances of the files and select Properties.

Gather me all the information you can from the property tabs:

Size
Date Created
Company Name

Things like that.

Edited by Cretemonster, 24 April 2006 - 07:33 PM.


#10 josh7g


Posted 25 April 2006 - 09:25 AM

Incident Status Location

Adware:adware/dollarrevenue Not disinfected c:\windows\winsysupd51.dat
Adware:adware/wintools Not disinfected Windows Registry
Adware:adware/searchresults Not disinfected Windows Registry
Adware:adware/shoppingcommunity Not disinfected Windows Registry
Spyware:spyware/safesurf Not disinfected Windows Registry
Adware:Adware/2Z0o Not disinfected C:\!KillBox\khdmxij.exe_tobedeleted
Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall7_22.exe
Adware:Adware/PopupSearches Not disinfected C:\!KillBox\nsz30F.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.2o7.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[statse.webtrendslive.com/S0014-01-1-17-218931-48461]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@atwola[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@com[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@doubleclick[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@entrepreneur[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@fastclick[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@mediaplex[1].txt
Spyware:Cookie/Mp3search Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@mp3search[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@realmedia[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@www.burstbeacon[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Cindy2_2\My Documents\l2mfix\Process.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/hc/80570461]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/hc/80570461]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[server.iad.liveperson.net/hc/50209978]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.overture.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adserver

#11 josh7g

Posted 25 April 2006 - 09:27 AM

The only files I see that you mentioned are spoolss.dll and spoolsv.exe.

Do I do as you said with those two files?

#12 Guest_Cretemonster_*

Posted 25 April 2006 - 08:02 PM

Let's get Firefox cleaned up a bit -> Open Firefox and click Tools -> Options -> Privacy -> Clear All.


Restart in Safe Mode and be sure Windows is still showing Hidden Files
http://www.bleepingcomputer.com/tutorials/...al62.html#winxp

Look in the System32 folder once more for any files with a name similar to this

C:\WINDOWS\SYSTEM32\??ool32.exe

The ? can be anything from a number to a letter to a blank entry.

Use Windows Search Assistant (Click Start>>Click Search)
Select All Files and Folders,
Select Advanced Options,
Make sure there is a check by every box under Advanced Options

Search this phrase-> ool32.exe

What you wanna do is, for all returns found -> Right Click and Select Properties

The Creation Date will be-> 3/27/2006 11:48:58 AM

The Size will be 409600 bytes or 400 Kb

Let me know if you see any matches


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Scan Once More with WinPFind.


Restart Normal and Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with the WinPFind log.
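
The file check described in the post above (a name of up to two arbitrary characters followed by ool32.exe, size 409600 bytes, date 3/27/2006 11:48:58 AM), applied to WinPFind-style listing lines; this is an added example and not part of the original post. The line layout is inferred from the WinPFind output posted in this thread, comparing the log's timestamp column with the post's creation date is an assumption, and the function names and sample lines are constructed for illustration.

```python
import ntpath
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Values stated in the post above.
NAME_TAIL = "ool32.exe"      # the search phrase
MAX_PREFIX = 2               # "??": up to two arbitrary (or blank) characters
TARGET_SIZE = 409600         # bytes
TARGET_STAMP = datetime(2006, 3, 27, 11, 48, 58)

# Assumed layout of a WinPFind file-listing line (inferred, not documented):
#   [label] <m/d/yyyy h:mm:ss AM|PM> [attribute letters] <size> <full path>
# A leading label (packer or vendor name) is tolerated and ignored.
LINE_RE = re.compile(
    r"(?<!\S)(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?:([RHSA]+)\s+)?(\d+)\s+([A-Za-z]:\\.+)$"
)


class Entry(NamedTuple):
    stamp: datetime
    attrs: str       # e.g. "RHS" = read-only, hidden, system; "" if none listed
    size: int
    path: str


class Finding(NamedTuple):
    entry: Entry
    size_ok: bool
    stamp_ok: bool

    @property
    def full_match(self) -> bool:
        """Name, size and timestamp all agree with the post."""
        return self.size_ok and self.stamp_ok


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing line, or None for headers and blanks."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    stamp = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
    return Entry(stamp, m.group(2) or "", int(m.group(3)), m.group(4))


def name_matches(path: str) -> bool:
    """True when the file name is 0-2 characters followed by 'ool32.exe'."""
    name = ntpath.basename(path).lower()
    return name.endswith(NAME_TAIL) and len(name) - len(NAME_TAIL) <= MAX_PREFIX


def find_candidates(log_text: str) -> List[Finding]:
    """Every entry whose name fits, with size and timestamp checked separately."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not name_matches(entry.path):
            continue
        findings.append(
            Finding(entry, entry.size == TARGET_SIZE, entry.stamp == TARGET_STAMP)
        )
    return findings


# Sample input built for this example in the layout of a WinPFind listing.
# xtool32.exe is a made-up name that fits the pattern but not the timestamp.
SAMPLE_LOG = r"""Checking the Windows folder and sub-folders for system and hidden files...
4/26/2006 9:32:24 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
3/27/2006 11:48:58 AM RHS 409600 C:\WINDOWS\SYSTEM32\??ool32.exe
8/4/2004 2:56:44 AM 57856 C:\WINDOWS\SYSTEM32\spoolsv.exe
1/5/2005 9:15:00 AM 409600 C:\WINDOWS\SYSTEM32\xtool32.exe
UPX! 1/20/2005 2:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe
"""

if __name__ == "__main__":
    for f in find_candidates(SAMPLE_LOG):
        verdict = "MATCH" if f.full_match else "name only"
        print(f"{verdict:9} attrs={f.entry.attrs or '-':3} "
              f"size={f.entry.size} {f.entry.stamp} {f.entry.path}")
```

A name-only hit is reported separately from a full match, since the post treats the size and date as the confirming details.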


#13 josh7g

Posted 27 April 2006 - 04:12 PM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, April 27, 2006 4:08:30 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 27/04/2006
Kaspersky Anti-Virus database records: 190291
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 135947
Number of viruses found: 25
Number of infected objects: 80
Number of suspicious objects: 4
Duration of the scan process: 01:01:12

Infected Object Name / Virus Name / Last Action
C:\!KillBox\khdmxij.exe_tobedeleted Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\!KillBox\NDNuninstall7_22.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\!KillBox\nsz30F.dll Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Cindy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f77f519-328ef193.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Cindy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f77f519-328ef193.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-436147f4-5a672b1a.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-436147f4-5a672b1a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\installerus[1].exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\winsysban5[1].exe Infected: Trojan-Clicker.Win32.VB.kc skipped
C:\Documents and Settings\Josh\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-32558680-1f55147e.zip/binny/binny.class Infected: Trojan.Java.Binny.a skipped
C:\Documents and Settings\Josh\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-32558680-1f55147e.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Josh\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-1eb16130.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\Josh\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-1eb16130.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count33.jar-5b7ca364-4c956864.zip/Beyond.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count33.jar-5b7ca364-4c956864.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count33.jar-5b7ca364-4c956864.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7ebfe046-6915f833.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7ebfe046-6915f833.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7ebfe046-6915f833.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-3365fd9a.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-3365fd9a.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-3365fd9a.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-4e1700d4.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-4e1700d4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Josh2\My Documents\My Downloads\ccsetup128.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Josh2\My Documents\My Downloads\ccsetup128.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Josh2\My Documents\My Downloads\ccsetup128.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Josh2\My Documents\My Downloads\XoftSpy421_169.exe/data0013 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Josh2\My Documents\My Downloads\XoftSpy421_169.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-304d7b5a-49cab046.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-304d7b5a-49cab046.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-304d7b5a-49cab046.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-304d7b5a-49cab046.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-304d7b5a-49cab046.zip/web.exe Infected: Trojan-Downloader.Win32.Small.asy skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-304d7b5a-49cab046.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-252a6a8a.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-252a6a8a.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-252a6a8a.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-252a6a8a.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-252a6a8a.zip/web.exe Infected: Trojan-Dropper.Win32.Small.uf skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-252a6a8a.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-4dd5d343.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-4dd5d343.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-4dd5d343.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-4dd5d343.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-4dd5d343.zip/web.exe Infected: Trojan-Dropper.Win32.Small.uf skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-4dd5d343.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-55a06157.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-55a06157.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-55a06157.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-55a06157.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-55a06157.zip/web.exe Infected: Trojan-Dropper.Win32.Small.uf skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-55a06157.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-5dbd051f.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-5dbd051f.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-5dbd051f.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-5dbd051f.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-5dbd051f.zip/web.exe Infected: Trojan-Dropper.Win32.Small.uf skipped
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-5dbd051f.zip ZIP: infected - 5 skipped
C:\Program Files\Windows Media Player\wmplayer.exe.tmp Infected: Trojan-Downloader.Win32.Small.lb skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP201\A0112936.exe Infected: not-a-virus:AdWare.Win32.PurityScan.dq skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206\A0113965.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206\A0113966.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206\A0113968.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0118808.dll Infected: Trojan-Downloader.Win32.Agent.aej skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0118842.dll Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0118845.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe NSIS: infected - 4 skipped
C:\WINDOWS\SYSTEM32\AdService.dll Infected: Trojan-Downloader.Win32.Agent.aej skipped
C:\WINDOWS\SYSTEM32\DH9013.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\WINDOWS\SYSTEM32\DH9013.exe NSIS: infected - 1 skipped
C:\WINDOWS\SYSTEM32\ocnkkva.dll Infected: not-a-virus:AdWare.Win32.WurldMedia.e skipped
C:\WINDOWS\SYSTEM32\wgse.exe Infected: Trojan.Win32.Runner.h skipped
C:\WINDOWS\unin101.exe Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\uni_eh.exe Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\winsysupd6.exe Infected: Trojan-Downloader.Win32.VB.wg skipped

Scan process completed.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 5/7/2004 6:42:10 PM 89746 C:\WINDOWS\iaxclient.dll

Checking %System% folder...
UPX! 5/7/2004 6:42:10 PM 222208 C:\WINDOWS\SYSTEM32\actskn43.ocx
UPX! 10/11/2002 11:03:06 AM 120832 C:\WINDOWS\SYSTEM32\avisynth.dll
PEC2 8/29/2002 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PEC2 9/28/2005 4:29:14 PM 693248 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 9/28/2005 4:29:14 PM 693248 C:\WINDOWS\SYSTEM32\DivX.dll
UPX! 1/13/2005 10:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com
PECompact2 4/6/2006 12:48:40 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/6/2006 12:48:40 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 1/20/2005 2:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe
winsync 8/29/2002 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
4/26/2006 9:32:24 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
4/21/2006 11:31:36 AM H 54156 C:\WINDOWS\QTFont.qfn
3/27/2006 11:48:58 AM RHS 409600 C:\WINDOWS\SYSTEM32\??ool32.exe
3/22/2006 6:17:30 PM S 14054 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
3/23/2006 1:15:38 AM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
3/13/2006 4:45:34 PM S 7898 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
3/17/2006 4:24:26 AM S 12455 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
3/30/2006 5:03:56 AM S 22339 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
4/26/2006 9:32:12 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
4/26/2006 9:32:52 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
4/26/2006 9:32:26 AM H 12288 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
4/26/2006 9:55:20 AM H 143360 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
4/26/2006 9:32:34 AM H 1077248 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
4/15/2006 12:27:26 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
3/22/2006 6:59:54 AM S 7652 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
3/22/2006 6:59:54 AM S 134 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
4/26/2006 9:31:16 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 5/8/2003 7:25:18 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Creative Technology Ltd. 3/30/2001 2:00:00 AM 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl
Creative Technology Ltd. 2/21/2002 1:00:00 AM 212992 C:\WINDOWS\SYSTEM32\CTDevCtrl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 10/19/2005 8:59:12 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\DLLCACHE\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\DLLCACHE\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\DLLCACHE\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\DLLCACHE\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155648 C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 1/23/2005 10:33:44 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/3/2002 9:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
8/23/2003 11:26:54 PM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
3/3/2006 7:59:36 PM 1648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 8:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
12/8/2003 10:40:46 PM 6 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
10/14/2005 8:02:02 PM 1759 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
9/3/2002 9:00:00 AM HS 84 C:\Documents and Settings\Josh2\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 8:50:46 AM HS 62 C:\Documents and Settings\Josh2\Application Data\DESKTOP.INI
9/1/2005 3:11:16 PM 64960 C:\Documents and Settings\Josh2\Application Data\GDIPFONTCACHEV1.DAT

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
sv1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{502C3BA4-2C3E-4317-BC29-C0445E82B1F9}
PaltalkWebLogin = C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Dell AIO Printer A920 "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
diagent "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
Creative WebCam Tray C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
HostManager C:\Program Files\Common Files\AOL\1145678721\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Yahoo! Pager "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\bhoreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun _

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 4/26/2006 10:02:54 AM

#14 Guest_Cretemonster_*

Posted 27 April 2006 - 05:26 PM

Go into Safe Mode and Open Pocket Killbox

Copy & paste each entry below, one at a time, into Killbox and place a tick by any of these selections available.

"Standard File Kill"
"Unregister .dll before Deleting"
"Deltree(Include Subdirectories)"


C:\WINDOWS\SYSTEM32\AdService.dll
C:\WINDOWS\SYSTEM32\ocnkkva.dll
C:\WINDOWS\SYSTEM32\DH9013.exe
C:\WINDOWS\SYSTEM32\wgse.exe
C:\WINDOWS\pf78
C:\WINDOWS\unin101.exe
C:\WINDOWS\uni_eh.exe
C:\WINDOWS\winsysupd6.exe
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-5dbd051f.zip
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-55a06157.zip
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-4dd5d343.zip
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5aa9cbc6-252a6a8a.zip
C:\Documents and Settings\Sheri\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-304d7b5a-49cab046.zip
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-4e1700d4.zip
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-3365fd9a.zip
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7ebfe046-6915f833.zip
C:\Documents and Settings\Josh2\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count33.jar-5b7ca364-4c956864.zip
C:\Documents and Settings\Josh\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-1eb16130.zip
C:\Documents and Settings\Josh\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-32558680-1f55147e.zip
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-436147f4-5a672b1a.zip ZIP
C:\Documents and Settings\Cindy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f77f519-328ef193.zip



Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files (Check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup (Make sure that all boxes are checked for cleaning)



Restart Normal and clean up and update your Java.

Updating Java and Clearing Cache
  • Go to Start > Control Panel, then double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Run one more Online Scan here
http://www.ewido.net/en/onlinescan/

Just Scan and Save a Report, don't remove anything please.


Post those results along with a fresh HijackThis log in the next reply.

#15 josh7g


Posted 29 April 2006 - 11:12 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:06:42 AM, on 4/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1145678721\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Josh2\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145678721\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________


Name: Adware.WebSearch
Path: HKLM\SOFTWARE\BTIEIN
Risk: Medium

Name: Adware.WebSearch
Path: HKLM\SOFTWARE\BTIEIN\BTIEIN
Risk: Medium

Name: Adware.WebSearch
Path: HKLM\SOFTWARE\BTIEIN\BTIEIN\taskcache
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F}
Risk: Medium

Name: Adware.WebSearch
Path: HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res
Risk: Medium

Name: Adware.MidAddle
Path: HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtensi.1
Risk: Medium

Name: Adware.MidAddle
Path: HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtension
Risk: Medium

Name: Adware.MidAddle
Path: HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtension\CLSID
Risk: Medium

Name: Adware.MidAddle
Path: HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtension\CurVer
Risk: Medium

Name: Adware.Generic
Path: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F}
Risk: Medium

Name: Adware.Generic
Path: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456}
Risk: Medium

Name: Adware.Generic
Path: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F}
Risk: Medium

Name: Adware.Generic
Path: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456}
Risk: Medium

Name: Downloader.Agent.aej
Path: C:\!KillBox\AdService.dll
Risk: High

Name: Hijacker.VB.ij
Path: C:\!KillBox\khdmxij.exe_tobedeleted
Risk: High

Name: Adware.NewDotNet
Path: C:\!KillBox\NDNuninstall7_22.exe
Risk: Medium

Name: Adware.EZula
Path: C:\!KillBox\nsz30F.dll
Risk: Medium

Name: Adware.WurldMedia
Path: C:\!KillBox\ocnkkva.dll
Risk: Medium

Name: Trojan.VB.tg
Path: C:\!KillBox\unin101.exe
Risk: High

Name: Trojan.VB.tg
Path: C:\!KillBox\uni_eh.exe
Risk: High

Name: Trojan.Runner.h
Path: C:\!KillBox\wgse.exe
Risk: High

Name: Downloader.VB.wg
Path: C:\!KillBox\winsysupd6.exe
Risk: High

Name: Downloader.Small.lb
Path: C:\!KillBox\wmplayer.exe
Risk: High

Name: TrackingCookie.Atdmt
Path: :mozilla.18:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.19:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.23:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.24:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.25:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.26:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.27:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.28:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.29:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.34:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.35:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.36:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.37:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.39:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.40:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.41:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.42:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.43:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.44:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Bridgetrack
Path: :mozilla.45:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Bridgetrack
Path: :mozilla.46:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Bridgetrack
Path: :mozilla.47:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Bridgetrack
Path: :mozilla.48:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Bridgetrack
Path: :mozilla.49:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Bridgetrack
Path: :mozilla.50:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.52:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.53:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.54:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.55:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.56:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.68:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.69:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.70:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.71:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.72:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.73:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: :mozilla.90:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: :mozilla.91:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.103:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.104:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.105:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Masterstats
Path: :mozilla.108:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: :mozilla.111:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.112:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.126:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: :mozilla.131:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: :mozilla.132:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.136:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstbeacon
Path: :mozilla.137:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.138:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.139:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.140:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.141:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.142:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.144:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adserver
Path: :mozilla.145:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adserver
Path: :mozilla.146:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Onestat
Path: :mozilla.153:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Onestat
Path: :mozilla.156:C:\Documents and Settings\Cindy2_2\Application Data\Mozilla\Firefox\Profiles\hz4nxd5h.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@2o7[1].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@ad.yieldmanager[2].txt
Risk: Medium

Name: TrackingCookie.Clickhype
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@ad1.clickhype[1].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@adopt.specificclick[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@adrevolver[2].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@ads.pointroll[2].txt
Risk: Medium

Name: TrackingCookie.Realcastmedia
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@ads.realcastmedia[1].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@advertising[2].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@as-us.falkag[2].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@burstnet[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@cbs.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@charmingshoppes.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@cnn.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Com
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@com[2].txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@cpvfeed[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@dmedia.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@edge.ru4[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@entrepreneur.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@falkag[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Masterstats
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@image.masterstats[1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@partygaming.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@tacoda[2].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@trafficmp[1].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@tribalfusion[1].txt
Risk: Medium

Name: TrackingCookie.Burstbeacon
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@www.burstbeacon[2].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@yieldmanager[2].txt
Risk: Medium

Name: TrackingCookie.Adserver
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@z1.adserver[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Cindy2_2\Cookies\cindy2_2@zedo[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.6:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.7:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.15:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.21:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.22:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.23:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.24:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.25:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.26:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Commission-junction
Path: :mozilla.28:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Cj
Path: :mozilla.29:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Commission-junction
Path: :mozilla.31:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.40:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.45:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.46:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.48:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.49:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.52:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.53:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.54:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.55:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.56:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.57:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.58:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.59:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.60:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.69:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.70:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitslink
Path: :mozilla.73:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitslink
Path: :mozilla.74:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitslink
Path: :mozilla.75:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitslink
Path: :mozilla.76:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Googleadservices
Path: :mozilla.80:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.81:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.82:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.84:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.85:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.86:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.101:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.102:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.103:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.106:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.107:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adserver
Path: :mozilla.110:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adserver
Path: :mozilla.111:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.125:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.126:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.129:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.143:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.151:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.152:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: :mozilla.153:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.160:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.161:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.168:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.169:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.221:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.222:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Paycounter
Path: :mozilla.242:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Dbbsrv
Path: :mozilla.251:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Dbbsrv
Path: :mozilla.252:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: :mozilla.266:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\daveoxx3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Dennis\Cookies\dennis@ad.yieldmanager[1].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Dennis\Cookies\dennis@adopt.specificclick[2].txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: C:\Documents and Settings\Dennis\Cookies\dennis@ads1.revenue[1].txt
Risk: Medium

Name: TrackingCookie.Searchingbooth
Path: C:\Documents and Settings\Dennis\Cookies\dennis@banners.searchingbooth[1].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Dennis\Cookies\dennis@burstnet[1].txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: C:\Documents and Settings\Dennis\Cookies\dennis@cpvfeed[2].txt
Risk: Medium

Name: TrackingCookie.Hypertracker
Path: C:\Documents and Settings\Dennis\Cookies\dennis@hypertracker[1].txt
Risk: Medium

Name: TrackingCookie.Top-banners
Path: C:\Documents and Settings\Dennis\Cookies\dennis@media.top-banners[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Dennis\Cookies\dennis@partygaming.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Paypopup
Path: C:\Documents and Settings\Dennis\Cookies\dennis@paypopup[1].txt
Risk: Medium

Name: TrackingCookie.Reliablestats
Path: C:\Documents and Settings\Dennis\Cookies\dennis@stats1.reliablestats[1].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Dennis\Cookies\dennis@tacoda[2].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Dennis\Cookies\dennis@yieldmanager[2].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.8:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.16:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Addynamix
Path: :mozilla.18:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.19:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.21:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.22:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.23:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.25:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.26:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.27:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.33:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Targetnet
Path: :mozilla.44:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Targetnet
Path: :mozilla.45:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ywqmjz0m.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@ad.yieldmanager[2].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@adopt.specificclick[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@cnn.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Kmpads
Path: C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@kmpads[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@partygaming.122.2o7[1].txt
Risk: Medium

Name: Downloader.Qoologic.at
Path: C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\installerus[1].exe
Risk: High

Name: TrackingCookie.Goclick
Path: C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Sheri\Cookies\sheri@2o7[2].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Sheri\Cookies\sheri@ad.yieldmanager[2].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Sheri\Cookies\sheri@adopt.specificclick[2].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Documents and Settings\Sheri\Cookies\sheri@ads.pointroll[2].txt
Risk: Medium

Name: TrackingCookie.Realcastmedia
Path: C:\Documents and Settings\Sheri\Cookies\sheri@ads.realcastmedia[1].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Sheri\Cookies\sheri@burstnet[2].txt
Risk: Medium

Name: TrackingCookie.Click2begin
Path: C:\Documents and Settings\Sheri\Cookies\sheri@click2begin[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Sheri\Cookies\sheri@cnn.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Com
Path: C:\Documents and Settings\Sheri\Cookies\sheri@com[2].txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: C:\Documents and Settings\Sheri\Cookies\sheri@cpvfeed[1].txt
Risk: Medium

Name: TrackingCookie.Kmpads
Path: C:\Documents and Settings\Sheri\Cookies\sheri@kmpads[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Sheri\Cookies\sheri@partygaming.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Sheri\Cookies\sheri@perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\Sheri\Cookies\sheri@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Sheri\Cookies\sheri@tacoda[2].txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: C:\Documents and Settings\Sheri\Cookies\sheri@vdn.valuead[1].txt
Risk: Medium

Name: TrackingCookie.Burstbeacon
Path: C:\Documents and Settings\Sheri\Cookies\sheri@www.burstbeacon[1].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Sheri\Cookies\sheri@yieldmanager[2].txt
Risk: Medium

Name: Adware.PurityScan
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP201\A0112936.exe
Risk: Medium

Name: Hijacker.VB.ij
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206\A0113965.exe
Risk: High

Name: Hijacker.VB.ij
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206\A0113966.exe
Risk: High

Name: Adware.NewDotNet
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206\A0113968.exe
Risk: Medium

Name: Downloader.Agent.aej
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0118808.dll
Risk: High

Name: Adware.EZula
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0118842.dll
Risk: Medium

Name: Adware.NewDotNet
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0118845.exe
Risk: Medium

Name: Downloader.Agent.aej
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP223\A0119093.dll
Risk: High

Name: Adware.WurldMedia
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP223\A0119094.dll
Risk: Medium

Name: Trojan.Runner.h
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP223\A0119096.exe
Risk: High

Name: Trojan.VB.tg
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP223\A0119097.exe
Risk: High

Name: Trojan.VB.tg
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP223\A0119098.exe
Risk: High

Name: Downloader.VB.wg
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP223\A0119099.exe
Risk: High



