
Rundll32


13 replies to this topic

#1 Honeyangel35


Posted 29 April 2006 - 10:41 PM

Hey,
I have rundll32 on my computer. I ran adware, spybot and hijackthis. I don't know what to delete from hijackthis. Here's the copy of the scan:

Logfile of HijackThis v1.99.1
Scan saved at 11:28:03 PM, on 4/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\regsvr32.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Documents and Settings\Danielle Austin\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/expressview...ViewerSetup.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Microsoft DLL Registration Component (DLLReg) - Unknown owner - C:\WINDOWS\regsvr32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Can you help me?
Thanks


#2 Guest_Cretemonster_*


Posted 30 April 2006 - 07:33 AM

Hi Honeyangel35 and Welcome to the Bleeping Computer!

I need to have a look at a file from your system please.


Go to this Upload Site

Fill in your User Name and a link to this post.

Upload this file please --> C:\WINDOWS\regsvr32.exe


Now, click Start -> Run -> type in Services.msc and click OK

Scroll that list and locate this entry

Microsoft DLL Registration Component <-- Please be sure to match the name exactly as I listed it!

Right-click that entry and select Properties -> click Stop -> go up and change the Startup Type to Disabled

Click Apply -> OK and exit the Services page


Let's try using F-Secure Blacklight and have a closer look.

Download and save Blacklight to your Local Drive C:\

Click Start -> Run -> type in C:\blbeta.exe /expert and click OK to launch Blacklight.

Accept the Agreement and click Next, now click Scan and let Blacklight scan the entire system.

You'll see a list of all items found. There will also be a log on your C:\ drive with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"


Let me see a HijackThis Start Up log.

Open HijackThis and click the "Open Misc Tools Section" tab.

Select Generate StartUpList log and make sure that both boxes beside it are checked:

Put a check by:
List all minor sections (Full)
and
List Empty Sections (Complete)

It will produce a Notepad page, I need you to copy the entire contents of that page to the next reply.


Post those 2 logs in the next reply please.
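
The service the helper asks to stop runs C:\WINDOWS\regsvr32.exe, while Windows keeps regsvr32.exe in the system32 folder. The following is an added example, not part of the thread or of HijackThis: a small Python triage script that parses O23 service lines and "Running processes" lines from a HijackThis log and reports well-known Windows executable names that run from an unexpected folder. The function names, the short list of executables and the C:\WINDOWS system root are assumptions made for the illustration.

```python
import ntpath
import re

# Assumption: %SystemRoot% is C:\WINDOWS, as in the log posted in this thread.
SYSTEM_ROOT = r"c:\windows"
SYSTEM32 = SYSTEM_ROOT + r"\system32"

# Folder in which a stock Windows XP install keeps each of these executables.
# A small illustrative selection, not a complete inventory.
EXPECTED_DIR = {
    "regsvr32.exe": SYSTEM32,
    "rundll32.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "smss.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": SYSTEM_ROOT,
}

# O23 line layout: "O23 - Service: <display name> - <owner> - <path>".
# The path is anchored on a drive letter because folder names such as
# "Spybot - Search & Destroy" also contain " - ".
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
# Lines under "Running processes:" are bare executable paths.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)

# Excerpt of the HijackThis log from post #1 (lines copied, most omitted).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\regsvr32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Microsoft DLL Registration Component (DLLReg) - Unknown owner - C:\WINDOWS\regsvr32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
"""


def expected_dir_if_misplaced(path):
    """Return the expected folder when `path` uses a known system file name
    from a different folder; return None when the path looks normal."""
    norm = ntpath.normcase(path.strip().strip('"'))
    expected = EXPECTED_DIR.get(ntpath.basename(norm))
    if expected and ntpath.dirname(norm) != expected:
        return expected
    return None


def triage(log_text):
    """Return one finding per process or O23 service line whose executable
    carries a system file name but sits outside its expected folder."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = O23_RE.match(line)
        if match:
            kind, path = "service", match.group("path")
            name, owner = match.group("name"), match.group("owner")
        elif PROCESS_RE.match(line):
            kind, path, name, owner = "process", line, None, None
        else:
            continue
        expected = expected_dir_if_misplaced(path)
        if expected:
            findings.append({
                "kind": kind,
                "name": name,
                "path": path,
                "expected_dir": expected,
                # "Unknown owner" alone is weak evidence (the ATI service has
                # it too); it is recorded only as supporting context.
                "unknown_owner": bool(owner) and owner.lower() == "unknown owner",
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        label = f["name"] or "running process"
        print(f'{f["kind"]}: {label}: {f["path"]} (expected in {f["expected_dir"]})')
```

A hit from this check is a reason to inspect the file, as the helper does by requesting an upload, not proof that it is malicious.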

#3 Honeyangel35


Posted 30 April 2006 - 07:22 PM

Hey,

Blacklight found no hidden items after the scan.


Here's the info from HijackThis (StartupList log):

StartupList report, 4/30/2006, 6:31:28 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Danielle Austin\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Danielle Austin\Desktop\blbeta.exe
C:\Documents and Settings\Danielle Austin\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Danielle Austin\Start Menu\Programs\Startup]
PowerReg Scheduler.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
AtiPTA = Atiptaxx.exe
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray = C:\PROGRA~1\SYMANT~1\VPTray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

wextract_cleanup0 = rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\IXP000.TMP\"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssflwbox.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll - {A7327C09-B521-4EDB-8509-7D2660C9EC98}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Java Plug-in 1.5.0_01]
InProcServer32 = C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Autodesk DWF Viewer Control]
InProcServer32 = C:\Program Files\Common Files\Autodesk shared\dwf common\AdView.dll
CODEBASE = http://www.autodesk.com/global/expressview...ViewerSetup.cab

[Java Plug-in 1.5.0_01]
InProcServer32 = C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\ati2evxx.exe (autostart)
ati2mpab: system32\DRIVERS\ati2mpab.sys (manual start)
atimpab: System32\DRIVERS\atimpab.sys (manual start)
atirage3: system32\DRIVERS\atimpab.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Microsoft ACPI Control Method Battery Driver: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Symantec AntiVirus Definition Watcher: "C:\Program Files\Symantec AntiVirus\DefWatch.exe" (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Diskeeper: "C:\Program Files\Executive Software\Diskeeper\DkService.exe" (autostart)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Dot4 HPH11: System32\DRIVERS\hphid411.sys (manual start)
Print Class Driver for IEEE-1284.4 HPH11: System32\DRIVERS\hphipr11.sys (manual start)
Dot4Usb HPH11: System32\drivers\hphius11.sys (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
3Com Megahertz 10/100 LAN CardBus PC Card Driver: System32\DRIVERS\el575nd5.sys (manual start)
3Com EtherLink XL 90XB/C Adapter Driver: system32\DRIVERS\el90xbc5.sys (manual start)
EraserUtilDrv10614: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10614.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
F-Secure BlackLight Beta Engine Driver: \??\C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
ESS Maestro 3 Audio Driver (WDM): system32\drivers\es198x.sys (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060430.005\naveng.sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060430.005\navex15.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (manual start)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPH11: C:\WINDOWS\system32\HPHipm11.exe (manual start)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRoam: "C:\Program Files\Symantec AntiVirus\SavRoam.exe" (manual start)
SAVRT: \??\C:\Program Files\Symantec AntiVirus\savrt.sys (system)
SAVRTPEL: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (manual start)
Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{62940A87-EB0D-4440-BF1C-E42E9C8CDC1C} (manual start)
Symantec AntiVirus: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (autostart)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMREDRV: \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS (system)
SymWMI Service: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (autostart)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: *Registry key not found*
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 33,627 bytes
Report generated in 1.182 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#4 Honeyangel35

Posted 30 April 2006 - 07:29 PM

Hey,

I'm not sure if you need this, but here's the info from Blacklight after the scan...even though it didn't find anything

04/30/06 18:29:10 [Info]: BlackLight Engine 1.0.36 initialized
04/30/06 18:29:10 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/30/06 18:29:11 [Note]: 7019 4
04/30/06 18:29:11 [Note]: 7005 0
04/30/06 18:29:40 [Note]: 7006 0
04/30/06 18:29:40 [Note]: 7011 1100
04/30/06 18:29:41 [Note]: 7026 0
04/30/06 18:29:41 [Note]: 7026 0
04/30/06 18:30:13 [Note]: FSRAW library version 1.7.1015
04/30/06 18:37:24 [Note]: 7007 0

#5 Guest_Cretemonster_*

Posted 01 May 2006 - 01:08 AM

Were you able to upload the file I asked about?

#6 Guest_Cretemonster_*

Posted 01 May 2006 - 06:50 PM

All those were 0 bytes, empty.

Let's do this and see if the file actually exists or not


Copy the text below to a blank notepad page and Save it to the Desktop with the name Look.bat


dir \regsvr32.exe /a h /s > File.txt



Once saved, double-click Look.bat and wait for the DOS window to close.


Now, you should see File.txt on the desktop. I will need to see the entire contents of that text file in the next reply, please.


Download WinPFind to your C Drive.
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder -> double-click WinPFind.exe and click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Restart normally and have the PC scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the reports from WinPFind and Panda

#7 Honeyangel35

Posted 01 May 2006 - 09:24 PM

Text file info:
Volume in drive C has no label.
Volume Serial Number is F087-909B

Directory of C:\Documents and Settings\Danielle Austin\Desktop\New Folder

03/31/2003 08:00 AM 9,728 regsvr32.exe
1 File(s) 9,728 bytes

Directory of C:\WINDOWS\$NtServicePackUninstall$

03/31/2003 08:00 AM 9,728 regsvr32.exe
1 File(s) 9,728 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

08/04/2004 12:56 AM 11,776 regsvr32.exe
1 File(s) 11,776 bytes

Directory of C:\WINDOWS\system32

08/04/2004 12:56 AM 11,776 regsvr32.exe
1 File(s) 11,776 bytes




Here's the WinPFind info:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 3/31/2003 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2 4/6/2006 3:48:38 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/6/2006 3:48:38 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 3/31/2003 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
5/1/2006 8:06:28 PM S 2048 C:\WINDOWS\bootstat.dat
5/1/2006 8:06:36 PM S 64 C:\WINDOWS\CSC\00000001
4/12/2006 1:26:16 PM S 64 C:\WINDOWS\CSC\00000002
4/9/2006 4:50:06 PM S 64 C:\WINDOWS\CSC\csc1.tmp
3/22/2006 7:17:30 PM S 14054 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
3/23/2006 2:15:38 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
3/17/2006 5:24:26 AM S 12455 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
3/30/2006 6:03:56 AM S 22339 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
5/1/2006 8:06:16 PM H 8192 C:\WINDOWS\system32\config\default.LOG
5/1/2006 8:06:40 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
5/1/2006 8:06:32 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
5/1/2006 8:08:46 PM H 131072 C:\WINDOWS\system32\config\software.LOG
5/1/2006 8:06:48 PM H 909312 C:\WINDOWS\system32\config\system.LOG
4/17/2006 11:22:26 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
3/20/2006 2:47:06 PM S 18 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
3/20/2006 2:47:08 PM S 19359 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
3/20/2006 2:47:06 PM S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
3/20/2006 2:47:08 PM S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
3/16/2006 12:16:20 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\20143797-b1f0-49f9-b769-faef833592bf
3/16/2006 12:16:20 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
5/1/2006 8:01:54 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 12/6/2004 10:31:48 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 12/14/2003 10:20:50 AM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/24/2004 5:35:02 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
2/22/2006 2:40:52 PM 1808 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/24/2004 12:36:56 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
2/22/2006 2:45:24 PM 726 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
8/24/2004 5:35:02 PM HS 84 C:\Documents and Settings\Danielle Austin\Start Menu\Programs\Startup\desktop.ini
2/2/2005 12:44:14 AM 225280 C:\Documents and Settings\Danielle Austin\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Checking files in %USERPROFILE%\Application Data folder...
8/24/2004 12:36:56 PM HS 62 C:\Documents and Settings\Danielle Austin\Application Data\desktop.ini
9/11/2004 6:14:00 PM 0 C:\Documents and Settings\Danielle Austin\Application Data\dm.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
acc=jocker =
acc= =
acc=none =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Autodesk.DWF.ContextMenu
{6C18531F-CA85-45F7-8278-FF33CF0A5964} = C:\Program Files\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Viewpoint Toolbar BHO = C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} = Viewpoint Toolbar : C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{40D41A8B-D79B-43D7-99A7-9EE0F344C385} = AIM Search : C:\Program Files\AIM Toolbar\AIMBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HPDJ Taskbar Utility C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
AtiPTA Atiptaxx.exe
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
wextract_cleanup0 rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\IXP000.TMP\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableCAD 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0
DisableTaskMgr 0
DisableRegedit 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} =
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINDOWS\system32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 5/1/2006 8:22:06 PM



Last, here's the new scan info from hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 10:18:18 PM, on 5/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Danielle Austin\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/expressview...ViewerSetup.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#8 Honeyangel35

Posted 01 May 2006 - 09:26 PM

Here's part of the Panda Active Scan info:

Incident Status Location

Adware:adware/cws Not disinfected Windows Registry

Here's the rest of Panda


#9 Honeyangel35

Posted 01 May 2006 - 09:28 PM

Here's the rest

Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[rightmedia.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[server.iad.liveperson.net/hc/23994456]
Spyware:Cookie/cs.sexcounter Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.cs.sexcounter.com/]
Spyware:Cookie/PayCounter Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.paycounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.toplist.cz/]
Spyware:Cookie/SexList Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.sexlist.com/]
Spyware:Cookie/bravenetA Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.bravenet.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[statse.webtrendslive.com/dcsc0q8x0oifwzfhzs29j34jl_4z1u]
Spyware:Cookie/BurstNet Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.burstnet.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.fortunecity.com/]
Spyware:Cookie/Valueclick Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.valueclick.com/]
Spyware:Cookie/CentrPort Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.centrport.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[statse.webtrendslive.com/dcskqeg2voifwznnd6alhtnei_8f3u]
Spyware:Cookie/Yadro Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.yadro.ru/]
Spyware:Cookie/PointRoll Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.ads.pointroll.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.bluestreak.com/]
Spyware:Cookie/Hitslink Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[counter.hitslink.com/]
Spyware:Cookie/GoStats Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.c2.gostats.com/]
Spyware:Cookie/FastClick Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.fastclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.com.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.casalemedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.atdmt.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.data.coremetrics.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.tribalfusion.com/]
Spyware:Cookie/Statcounter Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.statcounter.com/]
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.belnk.com/]
Spyware:Cookie/Bfast Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.bfast.com/]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.hitbox.com/]
Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[stat.onestat.com/]
Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.stat.onestat.com/]
Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[stat.onestat.com/]
Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.stat.onestat.com/]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.zedo.com/]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.realmedia.com/]
Spyware:Cookie/Adserver Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.z1.adserver.com/]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.maxserving.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.questionmarket.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[server.iad.liveperson.net/hc/88244075]
Spyware:Cookie/go Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.go.com/]
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.tickle.com/]
Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.ct.360i.com/]
Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[rightmedia.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[server.iad.liveperson.net/hc/23994456]
Spyware:Cookie/cs.sexcounter Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.cs.sexcounter.com/]
Spyware:Cookie/PayCounter Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.paycounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.toplist.cz/]
Spyware:Cookie/SexList Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.sexlist.com/]
Spyware:Cookie/bravenetA Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.bravenet.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[statse.webtrendslive.com/dcsc0q8x0oifwzfhzs29j34jl_4z1u]
Spyware:Cookie/BurstNet Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.burstnet.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.fortunecity.com/]
Spyware:Cookie/Valueclick Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.valueclick.com/]
Spyware:Cookie/CentrPort Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.centrport.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[statse.webtrendslive.com/dcskqeg2voifwznnd6alhtnei_8f3u]
Spyware:Cookie/Yadro Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.yadro.ru/]
Spyware:Cookie/PointRoll Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.ads.pointroll.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.bluestreak.com/]
Spyware:Cookie/Hitslink Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[counter.hitslink.com/]
Spyware:Cookie/GoStats Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.c2.gostats.com/]
Spyware:Cookie/FastClick Not disinfected C:\RECYCLER\NPROTECT\00000649.MOZ[.fastclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\NPROTECT\00000649.MOZ[.atwola.com/]

#10 Guest_Cretemonster_*

Posted 02 May 2006 - 06:54 PM

What Version of Norton Antivirus are you using?

#11 Honeyangel35

Posted 03 May 2006 - 11:58 AM

Symantec AntiVirus, 2005, version 10.0.1.1000

#12 Guest_Cretemonster_*

Posted 03 May 2006 - 06:29 PM

Let's try this: either write this command down or print it out for reference, you'll need it in Safe Mode.

Go to Safe Mode. This time, when presented with the option of what version of Safe Mode to go into, choose Safe Mode with Command Prompt.

Once the system loads and the DOS prompt window is open, type in the command below and hit Enter.

del \\?\c:\recycler\nprotect\*.*

Type Y to any and all prompts you get.


Make note of the space between del and \


Restart Normal and make sure the Recycle Bin is empty, scan once more with Panda and post those results.

#13 Honeyangel35

Posted 03 May 2006 - 09:34 PM

Incident Status Location


#14 Guest_Cretemonster_*

Posted 04 May 2006 - 05:02 AM

Looking Better!

Go to Safe Mode and be sure Windows is showing hidden files.
http://www.bleepingcomputer.com/tutorials/...al62.html#winxp

Delete files/folders from the following directories (but not the directory itself; for example, delete all files/folders IN temp, but not temp itself!)

C:\Temp

C:\Windows\Temp

C:\Documents and Settings\Owner\Local Settings\Temp

C:\Documents and Settings\<Your Profile>\Local Settings\Temp

C:\Documents and Settings\<All other users Profile>\Local Settings\Temp

Empty your "Recycle Bin"

Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files (check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and run Disk Cleanup (make sure that all boxes are checked for cleaning)


Open Firefox and click Tools -> Options -> Privacy -> click on "Clear All"


Restart Normal and Scan the PC here
http://www.ewido.net/en/onlinescan/

Don't remove anything, just save the report.


Post back with a fresh HijackThis log and the Report from Ewido.
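
The Panda reports posted in this thread use a three-column layout (Incident, Status, Location). As an added example, not part of any post above, this Python sketch groups such rows by the store they sit in, so copies held under RECYCLER\NPROTECT (the folder emptied in post #12) can be told apart from live browser cookies (cleared in post #14), and it flags any row that is not a cookie detection. The sample rows, the `example.default` profile name, the `user@atwola[1].txt` file name and the non-cookie row are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample rows in the report's "Incident Status Location" layout.
# Paths use the thread's <Your Profile> placeholder; the last two rows are
# invented to exercise the non-cookie and unparseable cases.
SAMPLE_REPORT = r"""
Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00000646.MOZ[.atdmt.com/]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00000648.MOZ[.zedo.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\<Your Profile>\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\<Your Profile>\Cookies\user@atwola[1].txt
Adware:Example-Constructed Not disinfected C:\Temp\example.dll
Spyware:Cookie/Zedo Not disinfected
"""

# "Not disinfected" is the only status value that appears in the thread.
ROW = re.compile(
    r"^(?P<incident>\S.*?)\s+(?P<status>Not disinfected)\s+(?P<location>[A-Za-z]:\\.+)$"
)
# Location is a file path, optionally followed by [entry-inside-the-file].
LOCATION = re.compile(r"^(?P<container>.+?)(?:\[(?P<member>[^\[\]]*)\])?$")


def classify_store(container):
    """Name the kind of store a detection sits in, from its file path."""
    p = container.lower()
    if "\\recycler\\nprotect\\" in p:
        return "recycler-nprotect"        # held copies; folder emptied in post #12
    if p.endswith("\\cookies.txt"):
        return "firefox-cookies.txt"      # live Firefox cookie store
    if "\\cookies\\" in p:
        return "profile-cookies-folder"   # per-user Cookies folder
    return "other"


def parse_report(text):
    """Return (rows, unparsed) so malformed lines are never silently dropped."""
    rows, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "Incident Status Location":
            continue
        m = ROW.match(line)
        if not m:
            unparsed.append(line)
            continue
        loc = LOCATION.match(m["location"])
        rows.append({
            "incident": m["incident"],
            "status": m["status"],
            "container": loc["container"],
            "member": loc["member"],      # None when the row names a whole file
            "store": classify_store(loc["container"]),
        })
    return rows, unparsed


def triage(text):
    """Summarise a report: counts per store, non-cookie rows, unparsed lines."""
    rows, unparsed = parse_report(text)
    return {
        "by_store": dict(Counter(r["store"] for r in rows)),
        "non_cookie": [r for r in rows
                       if not r["incident"].startswith("Spyware:Cookie/")],
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("rows per store:", summary["by_store"])
    for r in summary["non_cookie"]:
        print("review first:", r["incident"], "->", r["container"])
    for line in summary["unparsed"]:
        print("could not parse:", line)
```

Rows that fall outside `Spyware:Cookie/` are the ones to look at before anything else; cookie rows only indicate which store still needs clearing.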