Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Tr/click.526 Or Trojan Horse Clicker.fr


  • Please log in to reply
22 replies to this topic

#1 luigi1181

luigi1181

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:10 AM

Posted 04 July 2006 - 03:48 PM

tried Avg, Adaware, Spybot and AntVir, its been making exe files in my system32 folder AntiVir calls it TR/Click526 and AVG calls it Clicker.FR

Logfile of HijackThis v1.99.1
Scan saved at 4:44:33 PM, on 7/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Josh\Desktop\hijackthis_sfx-1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dmxdx.exe] C:\WINDOWS\system32\dmxdx.exe
O4 - HKLM\..\Run: [oxbfa.exe] C:\WINDOWS\system32\oxbfa.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.114.21,85.255.112.190
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C01EFEC-347F-4A47-80EC-7159A25C71D2}: NameServer = 85.255.114.21,85.255.112.190
O17 - HKLM\System\CCS\Services\Tcpip\..\{A17C322C-B8DA-406C-A4E5-CF21F35CE80D}: NameServer = 85.255.114.21,85.255.112.190
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEFB033C-4DC2-4F17-B1B1-CF601A6727A8}: NameServer = 85.255.114.21,85.255.112.190
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.21 85.255.112.190
O17 - HKLM\System\CS1\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.114.21,85.255.112.190
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.21 85.255.112.190
O17 - HKLM\System\CS3\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.114.21,85.255.112.190
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.21 85.255.112.190
O17 - HKLM\System\CS4\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.114.21,85.255.112.190
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.21 85.255.112.190
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

BC AdBot (Login to Remove)

 


m

#2 luigi1181

luigi1181
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:10 AM

Posted 05 July 2006 - 01:38 PM

can anybody help?

#3 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 05 July 2006 - 03:05 PM

Hi tempest and Welcome to the Bleeping Computer!


First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.


Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
  • Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin; follow the prompts.
  • You will be asked to reboot your computer,Reboot into SAFE MODE(Tap F8 when restarting)
  • Your system may take longer than usual to load; this is normal.
  • Once the desktop loads-> Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

    O1 - Hosts: localhost 127.0.0.1

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [dmxdx.exe] C:\WINDOWS\system32\dmxdx.exe

    O4 - HKLM\..\Run: [oxbfa.exe] C:\WINDOWS\system32\oxbfa.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.114.21,85.255.112.190

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C01EFEC-347F-4A47-80EC-7159A25C71D2}: NameServer = 85.255.114.21,85.255.112.190

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A17C322C-B8DA-406C-A4E5-CF21F35CE80D}: NameServer = 85.255.114.21,85.255.112.190

    O17 - HKLM\System\CCS\Services\Tcpip\..\{FEFB033C-4DC2-4F17-B1B1-CF601A6727A8}: NameServer = 85.255.114.21,85.255.112.190

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.21 85.255.112.190

    O17 - HKLM\System\CS1\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.114.21,85.255.112.190

    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.21 85.255.112.190

    O17 - HKLM\System\CS3\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.114.21,85.255.112.190

    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.21 85.255.112.190

    O17 - HKLM\System\CS4\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.114.21,85.255.112.190

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.21 85.255.112.190

    Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close out Ewido Anti-Spyware.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess.


Click Start, and then click Search.
Click All files and folders.
In the "All or part of the file name" box, type:

rasphone.pbk

Verify that "Look in" is set to "Local Hard Drives" or to (C:).
Click "More advanced options."
Check "Search system folders."
Check "Search subfolders."
Click Search.
Click Find Now or Search Now.

If you find rasphone.pbk file, right-click the file, and then click "Open With."
Deselect the "Always use this program to open this program" check box.
Scroll through the list of programs and double-click Notepad.
When the file opens, delete the entries below:

IpDnsAddress = 85.255.114.21
IpDns2Address = 85.255.112.190
IpNameAssign = 2



Restart the Computer back into Normal Mode


Now open the Control Panel-> In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically

Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable one some systems.


Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)


Please have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the reports from Ewido and Panda

#4 luigi1181

luigi1181
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 05 July 2006 - 07:50 PM

hijack this
Logfile of HijackThis v1.99.1
Scan saved at 8:58:45 PM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Josh\Desktop\HijackThis.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Panda

Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt[.atwola.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt[.apmebf.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt[.belnk.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt[.realmedia.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt[.target.com/]
Adware:adware/cws Not disinfected C:\Documents and Settings\Josh\Favorites\Download Free Spyware Remover.url



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:19:43 PM 7/5/2006

+ Scan result:



C:\WINDOWS\system32\{00CEA06D-CDC0-4EED-8B47-C83260A60DD9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{01F09B77-74F3-46D2-8586-7EE147E3331E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{03276B9C-3364-4EDE-946F-7D5B6EDB59D9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0611D07C-F110-4B09-B868-F2A69B6C6FCF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{06D82B74-3E3E-4564-A023-E31691ADD2DE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{06E93F99-1575-4B29-9C2F-A51CB77D198A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0792A921-78DB-4F0C-A82C-0753DB6C77D7}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0922C267-1845-48BF-AB9C-9EE230858734}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0998A371-E3B9-4AC5-9CEF-EA7CFD90BA9B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{09DA9A04-56ED-45AE-81E5-19E6E5FD1F75}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0B13E88C-A415-4A05-BA81-687A4E0583E4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0D1FE8C9-4A1B-46E5-A8FB-0802D558C62F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0E54F2B3-2F9B-4A96-B1CF-800AB059489A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0E79CF28-23DD-432F-8BC5-1E6CFFFADE72}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{10C2AD96-7CFC-4CA1-9298-54FA604D847C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{11DC07EF-E728-4D08-AF15-7C80F3EE3F71}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{12D1B120-CE93-4EAC-8F24-A5D8EE7EB93B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{156920F9-F70B-4321-81AA-A24F593FF475}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{15803CB2-E858-484A-BB83-51BBC8B0570A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{16344800-4029-4F6E-8EFD-918927D5E696}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{16B45C2A-2439-4867-AF47-0E75E021F254}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{178A221F-35AF-4A6C-877C-DEF3EB8AED3A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{18860182-4E7A-4147-82F6-C3DB7C60341A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{18D8E311-4704-4590-A321-F8327E3F9D04}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{1CC8EF60-75F9-4BD2-ABE4-8FA2BB107189}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{20615B69-E117-4AB9-BE5A-76B11C905697}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{293BC4E5-5A7A-41FA-9226-A8CEC62297E2}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{29A033EC-DD94-474B-9776-CDD140EFB15F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{2CFF98C0-EFD1-4713-AA2A-369C10332175}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{2EE5CA6B-A393-4CCB-AD25-6077B086037D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{30397F5F-9F3C-4F20-87A3-B14088092B32}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{30FDBFD6-0351-4E22-9CAC-0AD567155B13}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{334A3FA1-1795-4223-8570-C5ECE29634D7}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3696C07F-50DD-4CFE-8137-1AB91A007E31}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{36A9C2F7-E0AD-45B7-8E9F-FD1D520DA0E0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3ACF0D02-9646-4B7D-AA32-885C4B54AAEF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3B60B287-3548-45EA-8D99-AA66AC966C88}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3CB4BFF6-097B-455A-9174-DFD660962E72}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3D31B633-CF9C-4B9C-AC09-3FECE8EB5FF1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3EE97606-BE97-41F4-8823-9F0571675E3E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3F17F6F0-FBAB-42EA-96C5-C990AC1EE7CD}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3F8DC941-ED6D-4F66-9349-F3FBF03F42E8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{40EFAE4B-1498-4750-99ED-AAE5362D5E2A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4131B2F4-12AF-4FF8-9BD6-B01798D5FD62}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{425A481F-4C42-4BDC-84C9-2AD374127DE8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{42DB4903-8274-4BFD-92AC-592652838AA6}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{451F02C3-C073-4814-A3D0-89839BD5B49F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{47FF20DA-1289-4059-B76E-020ABBC47BF4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{486B0524-E93E-4FA5-8523-8A7A6E45F57A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4ABCF86E-3584-4D55-A225-BD6DAE2C9AEC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4BA3DF80-F18D-4452-919D-CA4406DEC4B3}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4C1BCCF4-EB9F-4D43-BD67-32E87A1E64C9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4F9F46AB-4D2B-41A5-9FED-BF450C47E4F1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{51318E5A-7361-40A8-8557-AC49CBC57BB0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{52010BB2-677F-4BB6-880E-0304945A6EEE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{53255A48-4A78-43DD-963D-EC993896C13E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{56F513B6-4631-411E-8D6E-F5493261239A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5807CB2C-E83E-4FBB-8383-EA8501B255D4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{58F0A7D0-67A0-4E1E-B88C-D1EC1248A616}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5A81D330-14F9-48FA-8E1E-D1478B302820}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5B02077C-504F-4D87-B87B-6CA25EDC8101}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5B6E69F8-C4D5-483A-B2FB-8ED93D34696F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5BEB3C7A-BB7B-475A-A421-A7C8E8EB28FB}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5D01D4C7-969A-4E7D-8C4B-8739D3E3CD76}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5FC1223C-15A8-41CD-9CD1-55A0403437EA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5FD79A91-DBC8-416F-A76A-FC000078BCAA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{631918C9-CEA3-4026-BA6F-A3340BBBBBC9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{63B1C3DE-02AE-4668-9E57-E87FE1B24382}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{6EF370FB-C318-4E84-BB8E-AAE8271AB16E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7017EBE6-3BBA-405C-A294-6A540FF77C42}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{703A6060-0EFB-44B5-A652-5E43BF393D79}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{72E0AE3E-79FE-4ECD-B031-5387F60792CB}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7395BDD4-237B-4349-90DD-A49B612FAA6A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{74CAE9F7-D071-4A8F-A436-4211AAF62434}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{75D98BA8-A5E8-41B8-BBB6-2E6D65D63619}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{76EB975A-E877-4C62-8C6C-82E2606CC8AF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{776DF41F-3EC7-4C5C-8FD3-32A697E2E570}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{779F0D9E-CBA9-4880-B1BF-CE87E704E608}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{77C85A8A-4238-4207-BFFF-9706A73698BF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{796F671F-7B98-45ED-9E68-A80225B83691}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7A0FDA2A-63DB-46C4-B5E7-3F4F4B19E8A7}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7B50D803-9F0F-46FD-BD99-F9C660FC7037}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7F058D0D-1C4A-4F6B-8459-4EF9097A35B5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7FFE9063-8A2D-4E24-BFDA-A41541296EE8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{81DF23F4-8EF5-4642-A41A-2F5C15DA3689}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{823BC919-FB8D-41DA-ACC4-0AE5744724CA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{83F58C0F-23D3-4255-A570-3B7BA82CC63D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{86093FC2-4334-4377-81D7-1E61935A6971}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{86A76CFB-F09E-4091-ADFB-6145C22BBC56}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{86A9DBEA-780F-41FB-A1F7-FA8A167D5FFF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{874A9EC6-46EC-422D-9395-885A9CC608D9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8784927F-514A-468E-B25F-3375E9EB6189}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{88220C0C-DF78-485B-9E60-553F65219483}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8A06369F-4916-40CC-A953-DA1E31323191}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8A1BC973-FF54-4467-BFED-83E108F13628}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8BFB176C-C3E3-4951-AE6C-BB31959B4691}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8DC17ED8-D3F7-45E9-9C5F-2BF71038EA22}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8DC61014-9B57-4437-9827-B617A0B2000E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8FD0F961-EA3B-402A-8916-1B87D6A7C602}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{90617E97-1F14-4B23-A186-5C78D157CE4E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{91B75020-026F-4BB4-8B91-4755495A294B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{91F6E3CC-3585-452F-BCC2-60FC212ED1EA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9336D268-3154-46FD-966C-4B6B44EABBAC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{95C576C5-48BD-4EBD-8095-959C7C9213BA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9687B3E0-48AF-49FE-82EA-626A1C70813A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{97540532-90BB-4E13-9540-136F84DCE717}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{97B80A35-2392-4A34-B3AD-DA7C838F268E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9919F10A-A18C-47FD-95A1-E23C9E0D71D8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9E148CA5-A233-4F93-9545-4D020536A41E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A0514035-37CC-4154-A35F-FFFCFAEDE44B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A56FFF1D-39F4-467B-9FF4-CE1E1818B40D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A5E1B1DB-A157-41A5-9F20-A6C8218D6BA0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A6E60197-D54B-4E59-9F16-0D667003C793}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A7B3E947-6B59-44CB-BCBE-1DAD1A313AE1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A9A655B5-21D7-4FE5-AC5F-8A3B5141AF2F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{ABE1AD99-99BC-4D7A-B663-3B69DDF81FFE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{ABE6D7E1-7FB5-488F-8821-38DAE7582C51}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AC14A161-0FED-4599-99EE-F609A643192B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{ADFBF076-D801-48A2-A7C1-AFD449F9B8A3}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B554E081-01F6-417F-9207-3C8149A047ED}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B5639B36-79A4-47DB-9940-858110B673E5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B6E1924D-8EAC-407D-B3BD-2BFA4A8D5C1B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B7DF608E-A83A-43C9-853F-3DCBCABCB2EE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B9A21E0E-5124-493D-B276-96AFF399B456}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{BA7E4583-B60D-4BE9-AF4B-7194FB1B9E83}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{BE7F4639-61CA-4D26-85FA-79D30422CDA2}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{BF187B4C-88B7-4D6F-8F67-67DB6C195E94}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C05D09D9-6988-40A0-86F8-103EA27B35D5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C0805B8C-56D0-40B4-8862-F8D51DCBBF04}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C117EBF6-996B-46E3-83B7-8029F86F5D38}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C1D9D89D-EE4C-4D7A-8212-DE4214423354}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C4642550-6B9E-481F-B03B-172D2B35061C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C695331B-EB0D-4C1A-B628-3EFDD86F5250}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C852D2D3-D2F8-4370-ADC4-7CAA35762D6E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C9526CC6-BABE-46CD-BFA3-EACE1267ABE4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C96E9B8E-281D-4D39-9ACB-B52E019EF682}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CA43633E-0E11-422C-9913-C90B52166AFD}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CB4A8952-BA39-4532-8717-61978C07FCF4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CC891487-9CA4-4C75-87E9-D5C2048C314B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CCA2325C-4FCF-4B16-90CE-2EAED728A671}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CCCF1314-9AFA-4290-B586-2CD07A0940DD}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CD1BB323-9C6B-4718-9614-E42DE2C8FFD6}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CF86AC0E-0192-475F-9D44-09EEC5C39FA1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D0E6869B-1C97-440A-83A6-CEFD8B328EEC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D53FD93B-8D31-4248-823E-A79480BA1D19}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D69755BD-9FAA-4848-93C7-05E14E78DB70}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D86412A4-C146-43AB-8868-A31C3259326A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D8FED50E-7965-4284-817C-44CC5766947A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DB91148F-9FA5-467E-9BA1-748365BB188C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DBD66896-0AC7-4500-A556-C35D262D9950}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DD0ADD1A-9D30-4F5F-A2E0-330E5A9923D0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DE60AE4D-8DB9-43D9-BD61-86389B8D7DFE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DE7CA97F-CA68-41EC-B25A-A53A19014B9D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DE9F566E-26D8-4ADD-A878-9047A7A0C7C3}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E0E9B7CD-1BE0-4539-8546-ABD2FC09D3DE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E24F9D26-93EA-44FA-A5FE-56C3CFE417D9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E64E9DA5-5658-4520-969C-56921CE98738}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E6774340-5BD1-4119-9D74-B1C658C2E22D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E798F577-8432-4525-A9E5-2365A89BA985}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{EA3DB63B-6C21-40D4-B172-468B798B776F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cswcg.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.234:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.269:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.382:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Cookies\josh@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Local Settings\Temp\Cookies\josh@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.632:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.633:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.605:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.606:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.607:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.608:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.609:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.622:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.623:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.624:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.625:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.626:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.562:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.563:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Cookies\josh@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Local Settings\Temp\Cookies\josh@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.693:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Burstnet : Cle

#5 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 05 July 2006 - 09:25 PM

By chance did you get a copy of report.txt from Fix WareOut,I seem to have forgotten to ask you to post that report.

There may be a copy on either your C drive or in the BFU folder.


The ewido log seems to have gotten cut off but uit sure looks like it did a jam up job.


If you will,post the ewido log by itself and report.txt if you find it.

#6 luigi1181

luigi1181
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:10 AM

Posted 06 July 2006 - 05:34 AM

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AB1ABA9F703C-6D69-FC54-6C02-2362A081{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}33E06AC00A57-40DB-3904-E00B-42A50CC6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F755C6C57A64-AE69-66E4-C415-C1D63E49{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}217D6A3997F8-F67B-3324-C7F5-337B9E95{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1E1E1CDA2AF5-C119-6EE4-DEDA-75E077E3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}78E38D28F9AF-014B-5DD4-672B-5471179F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}592DCC3D6C19-B3C9-F684-8F1D-04090D2A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0A8FBD2DFC2F-4699-1B64-CBD6-AFDEDE24{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BBD0D1995F2D-15AA-9EB4-A42D-00CE0258{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}90A9C1FAC892-D179-E7A4-DF3B-9DC2EFF4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D5FAC4AEFB0F-1C59-AEB4-F819-4A93E19B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3FCF6E2ADB66-4F19-3394-AB6D-164778EC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}671FBF0F747C-82B8-E2D4-B76A-E1DB744E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}088F06D081F2-9AD9-DDA4-8D43-7E125F5D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}679F2EB3DA48-13AB-2974-09D2-4D52CBF4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}87E3CA16AD74-6858-8604-EA78-49DB0B02{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8ACA4142C51D-2718-1734-F57B-BA611F39{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}71174498E1D1-8E38-96D4-5BC6-9916836F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1450C51D1249-E068-F1F4-6563-4DE5B554{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6F47716DD377-853A-0B44-7554-AA8FD664{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D3E7FBBE8114-BD49-7194-DCE1-E2A5824F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EBFCE865648A-AF98-1154-EA1C-4EDE4BD2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BEE8C7A7A829-8CEA-8E44-E5E2-CDD3FD02{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}22C98FC176FD-A17B-2A94-B136-118587C0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AAE9A130629A-35EA-24D4-99EA-AE1252DA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A7C3397EAA1D-E75A-D774-0E2D-2A508A97{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}75B7D55E13B3-7239-F214-D226-A5CF70AA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}354CBD1A0DC4-EA2B-C774-BC3B-49FCCB48{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4D54BA1567C0-F409-3744-0C31-9974DC78{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3855BDF7EA9C-263A-B2D4-8D80-E2ECF3A9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8B2EE8AE94CA-68CB-AE84-F34E-08F5110C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}762E937B2994-DAF9-BB24-0EAF-88EF81C9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}145B51A44034-2FB8-45F4-A679-2D165CFA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CE4EF35A47C9-1D39-E954-F39A-5AB986F9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B0B0A0879397-1AFB-7424-E8F3-83D824FC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CE03166B622E-8799-F9D4-28D9-93D273EF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}90C4B8C77B9F-35B9-35A4-E28F-EB3A8B5A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E7EC92D283FC-FC8B-6F04-B7EB-5A72C70E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}35DD346B2C86-DD18-A5E4-FC76-5236959A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6CAA00A8744C-A04A-85D4-87AB-6593BC70{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9BFF5D0BCBAB-A90A-8BD4-886C-0C1C0EA8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5FE6E72B86D4-2E3A-4474-41BC-0AACF1AF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7519FB778430-D058-E874-97D7-95A6642E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5DA7841B3955-ACE8-9B34-5DDC-A88DB503{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}229C3539BC29-97DB-FA84-CAA8-082E2327{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}28737444EE6B-62CB-9724-D21D-5FA7149D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9C81A2F673A7-CE2B-93A4-7173-8856A8AF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EBA04026F992-7448-5B44-5012-37C1A95A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5982638D7C5B-776B-8934-9168-64AC162F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}486A146C5E82-382A-4AE4-153D-44CDCA21{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}ACDF33A67B9F-C4D8-2AA4-5657-EB7F7381{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}08DB5EAD4624-6688-8734-C92E-4FC76BE3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}35B461CF102F-73F9-0BE4-377B-4BA3DDED{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E116EB85CE44-114A-33D4-2959-A81A3102{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}843B53E7B486-45C8-C044-8A73-17445115{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}885A91804A7B-B708-4A14-6183-21DB080B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B0B0E740FF8-7F18-0204-D1DD-FFD97ACD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E34B06D9B88D-398B-F354-588D-079C9908{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}53E9EF20BA61-A72B-5224-2FB0-822A8EF5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}61E1CF13D4FF-1639-6704-1E21-FF213ABE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CA3603EA9584-7E2B-6804-0530-7922E73D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\lhsmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BA5F444CC1EB-292A-3D84-1E62-66A28055{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1C4827001990-787A-2CC4-013A-BC56542A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}36E80CB6CBF7-DADB-6314-FC1D-1BC7D2DA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}03FCB2C43FE3-1D3B-D944-F351-2E068891{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EEDB4AF2EBE7-DCBA-5024-55D2-F1972E49{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5435C1CACEAF-08EB-EC44-8453-A759AACA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}17A6B4828002-29BB-FDB4-9473-9421744C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FF5ECB988C74-FA98-FAC4-CC2E-0CB2B227{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B215C4862822-B30B-74C4-990B-71947A0A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4A0F1D11E5D4-0E1A-8324-68BD-06182139{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4A5D87E4A3B7-2748-01A4-3F30-28736D49{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}58E30F315226-6488-B2A4-FE28-330F3686{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}255926157B45-475A-F954-30E3-7C2637F0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B702E3ED1A77-681A-7854-4856-B20DAF63{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CC3BFD24ED0B-F9E8-7C14-32AC-1D0341DB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}528AD326CDCA-23F8-F6E4-F080-3AE93DC1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D5901DF728AB-B0EB-3FE4-1159-4D11ACCF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5F13BAA234F6-288B-B4C4-043E-2354BC7B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6240128AA5C7-C42B-45A4-5241-BB03E72A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0B5E8A8ACD3E-46DA-3BA4-84E5-F2E23F95{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C2811603D73C-890A-B244-D07B-B4E00162{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9863AD51C5F2-A14A-2464-5FE8-4F32FD18{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}68664B43C4EA-A77A-D214-3F92-A3BE5B59{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}97D393FB34E5-256A-5B44-BFE0-0606A307{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F94B5DB93898-0D3A-4184-370C-3C20F154{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A14306C7BD3C-6F28-7414-A7E4-28106881{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A0750B8CBB15-38BB-A484-858E-2BC30851{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9816BE9E5733-F52B-E864-A415-F7294878{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}096DD489AB18-1169-C8B4-DEBD-18C0B89B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DB31F6DDFB8D-2289-ACD4-B761-8535BD3E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1CFA8843EEEC-EE19-8844-9ED9-5333F5DB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E077C5DA9A58-A7BA-A4B4-9A86-60F73806{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}038F04192DF1-07B9-F514-394F-833339A0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B08A3E6BBAF1-027A-E964-4AD7-F3B43834{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7ED937D738A1-866A-F3E4-4469-BB925828{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}39459C82A68E-815A-37C4-EFE5-0E799855{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0FED02679516-3F7B-B784-5CA9-9FC51714{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}00D1731371A9-68FB-FA64-F9F3-1D3BCCAC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FD8A2EAE7F7F-C299-8804-2CE9-97DFE9B1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C04C86F60082-9A9B-CE84-2C27-FB9523EB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A6239523C13A-8688-BA34-641C-4A21468D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A6AAF216B94A-DD09-9434-B732-4DDB5937{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}696E5D729819-DFE8-E6F4-9204-00844361{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E0FEA25B701C-D4EB-8944-2177-CD3AF7CE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}40FBBCD15D8F-2688-4B04-0D65-C8B5080C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}176A827DEAE2-EC09-61B4-FCF4-C5232ACC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0525F68DDFE3-826B-A1C4-D0BE-B133596C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FFF5D761A8AF-7F1A-BF14-F087-AEBD9A68{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}91D1AB08497A-E328-8424-13D8-B39DF35D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BC29706F7835-130B-DCE4-EF97-E3EA0E27{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}654B993FFA69-672B-D394-4215-E0E12A9B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}27EDAFFFC6E1-5CB8-F234-DD32-82FC97E0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1AF93C5CEE90-44D9-F574-2910-E0CA68FC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5B53A7909FE4-9548-B6F4-A4C1-D0D850F7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}ED3D90CF2DBA-6458-9354-0EB1-DC7B9E0E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}286FE910E25B-BCA9-93D4-D182-E8B9E69C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AB3129C7C959-5908-DBE4-DB84-5C675C59{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F677B897B864-271B-4D04-12C6-B36BD3AE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AC4274475EA0-4CCA-AD14-D8BF-919CB328{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3B4CED6044AC-D919-2544-D81F-08FD3AB4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2E79226CEC8A-6229-AF14-A7A5-5E4CB392{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DC7EE1CA099C-5C69-AE24-BABF-0F6F71F3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8D17D0E9C32E-1A59-DF74-C81A-A01F9199{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}38E9B1BF4917-B4FA-9EB4-D06B-3854E7AB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E862F838C7AD-DA3B-43A4-2932-53A08B79{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F51BFE041DDC-6779-B474-49DD-CE330A92{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E61BA1728EAA-E8BB-48E4-813C-BF073FE6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}16923EA46DAC-AB99-FFB4-C37A-A925D6EF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E6D26753AAC7-4CDA-0734-8F2D-3D2D258C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7D43692ECE5C-0758-3224-5971-1AF3A433{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}22AE83017FB2-F5C9-9E54-7F3D-8DE71CD8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E4EC751D87C5-681A-32B4-41F1-79E71609{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C748D406AF45-8929-1AC4-CFC7-69DA2C01{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6AA838256295-CA29-DFB4-4728-3094BD24{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1796A53916E1-7D18-7734-4334-2CF39068{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9DD06A06238C-74B8-DEE4-0CDC-D60AEC00{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}23B29088041B-3A78-02F4-C3F9-F5F79303{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A75F54E6A7A8-3258-5AF4-E39E-4250B684{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}19638B52208A-86E9-DE54-89B7-F176F697{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5622143B24B1-F7B8-47F4-1DC8-FF88F51F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}07BD87E41E50-7C39-8484-AAF9-DB55796D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7307CF066C9F-99DB-DF64-F0F9-308D05B7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}806E407E78EC-FB1B-0884-9ABC-E9D0F977{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CEE823B8DFEC-6A38-A044-79C1-B9686E0D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}38491256F355-06E9-B584-87FD-C0C02288{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B44EDEAFCFFF-F53A-4514-CC73-5304150A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}17F3EE3F08C7-51FA-80D4-827E-FE70CD11{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}26DF5D89710B-6DB9-8FF4-FA21-4F2B1314{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}40D9F3E7238F-123A-0954-4074-113E8D81{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C881BB563847-1AB9-E764-5AF9-F84119BD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}397C300766D0-61F9-95E4-B45D-79106E6A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0AB6D8128C6A-02F9-5A14-751A-BD1B1E5A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B1C5D8A4AFB2-DB3B-D704-CAE8-D4291E6B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8ED721473DA2-9C48-CDB4-24C4-F184A524{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}82631F801E38-DEFB-7644-45FF-379CB1A8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B413C8402C5D-9E78-57C4-4AC9-784198CC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1EA313A1DAD1-EBCB-BC44-95B6-749E3B7A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9CBBBBB0433A-F6AB-6204-3AEC-9C819136{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CABBAE44B6B4-C669-DF64-4513-862D6339{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B9AB09DFC7AE-FEC9-5CA4-9B3E-173A8990{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}717ECD48F631-0459-31E4-BB09-23504579{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A9321623945F-E6D8-E114-1364-6B315F65{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F07AB3A9854C-9FDB-5394-A697-C0F4E41F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E31C698399CE-D369-DD34-87A4-84A55235{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A891D77BC15A-F2C9-92B4-5751-99F39E60{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5E376B011858-0499-BD74-4A97-63B9365B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}616A8421CE1D-C88B-E1E4-0A76-0D7A0F85{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FCF6C6B96A2F-868B-90B4-011F-C70D1160{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E0002B0A716B-7289-7344-75B9-41016CD8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D9B41091A35A-A52B-CE14-86AC-F79AC7ED{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0EB8AF5181C7-3E3A-B0B4-AA77-6BD16D1F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EFF18FDD96B3-366B-A7D4-CB99-99DA1EBA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4FCF70C87916-7178-2354-93AB-2598A4BC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}67DC3E3D9378-B4C8-D7E4-A969-7C4D10D5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0BB75CBC94CA-7558-8A04-1637-A5E81315{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1964B95913BB-C6EA-1594-3E3C-C671BFB8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E14A635020D4-5459-39F4-332A-5AC841E9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}07028527F7C9-088A-B394-28AA-069CF5FF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4533244124ED-2128-A7D4-C4EE-D98D9D1C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B492A5945574-19B8-4BB4-F620-02057B19{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D730680B7706-52DA-BCC4-393A-B6AC5EE2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}716B08768939-DABA-A604-F2C8-CEBDC12B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5FCDB18F422A-CF8A-FE24-D887-D9F57671{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E527D5D411A5-1D0B-7784-467D-A114FBFC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5F6F15395F4F-7F4B-3444-B211-FAFA8259{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}96A93265301A-5E18-41F4-BDD6-0B9C9A3D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AAF9A9AED73B-B709-B064-6932-D2E10F48{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F346A889FE6D-744A-D774-717D-174B6E71{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}ED2DDA19613E-320A-4654-E3E3-47B28D60{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2ADC22403D97-AF58-62D4-AC16-9364F7EB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}075E2E796A23-3DF8-C5C4-7CE3-F14FD677{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D36CC28AB7B3-075A-5524-3D32-F0C85F38{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9D714EFC3C65-EF5A-AF44-AE39-62D9F42E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DD0490A70DC2-685B-0924-AFA9-4131FCCC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}88C669CA66AA-99D8-AE54-8453-782B06B3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AE1DE212CF06-2CCB-F254-5853-CC3E6F19{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}57123301C963-A2AA-3174-1DFE-0C89FFC2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8EE69214514A-ADFB-42E4-D2A8-3609EFF7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}981701BB2AF8-4EBA-2DB4-9F57-06FE8CC1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}15C2857EAD83-1288-F884-5BF7-1E7D6EBA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}437858032EE9-C9BA-FB84-5481-762C2290{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EFD7D8B98368-16DB-9D34-9BD8-D4EA06ED{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9D95BDE6B5D7-F649-EDE4-4633-C9B67230{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}91636D56D6E2-6BBB-8B14-8E5A-8AB89D57{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F26C855D2080-BF8A-5E64-B1A4-9C8EF1D0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DE740A9418C3-7029-F714-6F10-180E455B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A2E5D2635EAA-DE99-0574-8941-B4EAFE04{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A31807C1A626-AE28-EF94-FA84-0E3B7869{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1F4E74C054FB-DEF9-5A14-B2D4-BA64F9F4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}028203B8741D-E1E8-AF84-9F41-033D18A5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}206C7A6D78B1-6198-A204-B3AE-169F0DF8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3A8B9F944DFA-1C7A-2A84-108D-670FBFDA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}65CBB22C5416-BFDA-1904-E90F-BFC67A68{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F2FA1415B3A8-F5CA-5EF4-7D12-5B556A9A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E1333E741EE7-6858-2D64-3F47-77B90F10{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}43426FAA1124-634A-F8A4-170D-7F9EAC47{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9C46E1A78E23-76DB-34D4-F9BE-4FCCB1C4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}796509C11B67-A5EB-9BA4-711E-96B51602{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}70DF37DA6936-3508-75A4-F56E-A8290F3F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DFA66125B09C-3199-C224-11E0-E33634AC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A7496675CC44-C718-4824-5697-E05DEF8D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}49E591C6BD76-76F8-F6D4-7B88-C4B781FB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1FF5BE8ECEF3-90CA-C9B4-C9FC-336B13D3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F69643D39DE8-BF2B-A384-5D4C-8F96E6B5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6DFF8C2ED24E-4169-8174-B6C9-323BB1DC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BF82BE8E8C7A-124A-A574-B7BB-A7C3BEB5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}28342B1EF78E-75E9-8664-EA20-ED3C1B36{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D04B8181E1EC-4FF9-B764-4F93-D1FFF65A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A984950BA008-FC1B-69A4-B9F2-3B2F45E0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}19132313E1AD-359A-CC04-6194-F96360A8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}13E700A19BA1-7318-EFC4-DD05-F70C6963{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0E0AD025D1DF-F9E8-7B54-DA0E-7F2C9A63{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C739EC82E8D8-CB8A-1394-ACC6-90A7CDBE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B39BE7EE8D5A-42F8-CAE4-39EC-021B1D21{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9D806CC9A588-5939-D224-CE64-6CE9A478{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0599D262D53C-655A-0054-7CA0-69866DBD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FB89637A6079-FFFB-7024-8324-A8A58C77{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FEAA45B4C588-23AA-D7B4-6469-20D0FCA3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}24C77FF045A6-492A-C504-ABB3-6EBE7107{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}57F1DF5E6E91-5E18-EA54-DE65-40A9AD90{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AE7343040A55-1DC9-DC14-8A51-C3221CF5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}27E269066DFD-4719-A554-B790-6FFB4BC3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C16053B2D271-B30B-F184-E9B6-0552464C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AACB870000CF-A67A-F614-8CBD-19A97DF5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B291346A906F-EE99-9954-DEF0-161A41CA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1E8EDE5A2581-B10A-F1A4-2F7B-52F23A3F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4E3850E4A786-18AB-50A4-514A-C88E31B0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EE2BCBACBCD3-F358-9C34-A38A-E806FD7B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A3DEA8BE3FED-C778-C6A4-FA53-F122A871{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}83D5F68F9208-7B38-3E64-B699-6FBE711C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EEE6A5494030-E088-6BB4-F776-2BB01025{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E3E5761750F9-3288-4F14-79EB-60679EE3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CEA9C2EAD6DB-522A-55D4-4853-E68FCBA4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}574FF395F42A-AA18-1234-B07F-9F029651{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9F50FC1F0439-CEAA-3CB4-8AE5-E463D6FE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1018CDE52AC6-B78B-78D4-F405-C77020B5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DB349CA72828-833A-66D4-5A08-B704067E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A8AA9E7944DB-A108-A794-DB8D-C1440E98{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C83FA73D0E9D-B0A9-78C4-B5E4-82BC19F7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7A8E91B4F4F3-7E5B-4C64-BD36-A2ADF0A7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}83789EC12965-C969-0254-8565-5AD9E46E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4D552B1058AE-3838-BBF4-E38E-C2BC7085{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3C7C0A7A7409-878A-DDA4-8D62-E665F9ED{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5D53B72AE301-8F68-0A04-8896-9D90D50C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0D3299A5E033-0E2A-F5F4-03D9-A1DDA0DD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FA8CC6062E28-C6C8-26C4-778E-A579BE67{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}31B551765DA0-CAC9-22E4-1530-6DFBDF03{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4FB74CBBA020-E67B-9504-9821-AD02FF74{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}589AB98A5632-5E9A-5254-2348-775F897E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7D77C6BD3570-C28A-C0F4-BD87-129A2970{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}452F120E57E0-74FA-7684-9342-A2C54B61{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4EBA7621ECAE-3AFB-DC64-EBAB-6CC6259C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8E24F30FBF3F-9439-66F4-D6DE-149CD8F3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D22E2C856C1B-47D9-9114-1DB5-0434776E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EDB2119FE803-2F1A-5B34-EA4E-7671646C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7E3B974ACB91-9FE8-F0D4-CA40-4FAB0AD0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EC1D609B291F-F95A-0834-CC5E-20B99AFD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmshl.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

Search by size and names...
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
* csr.exe C:\WINDOWS\System32\CSWCG.EXE

Misc files

Checking for older varients covered by the Rem3 tool


Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSWCG.EXE 51,293 2006-07-03
C:\WINDOWS\SYSTEM32\DMSHL.EXE 44,097 2004-08-04
Other suspects
Directory of C:\WINDOWS\system32
{E6774340-5BD1-4119-9D74-B1C658C2E22D}.exe
{3F8DC941-ED6D-4F66-9349-F3FBF03F42E8}.exe
{C9526CC6-BABE-46CD-BFA3-EACE1267ABE4}.exe
{16B45C2A-2439-4867-AF47-0E75E021F254}.exe
{0792A921-78DB-4F0C-A82C-0753DB6C77D7}.exe
{E798F577-8432-4525-A9E5-2365A89BA985}.exe
{47FF20DA-1289-4059-B76E-020ABBC47BF4}.exe
{30FDBFD6-0351-4E22-9CAC-0AD567155B13}.exe
{76EB975A-E877-4C62-8C6C-82E2606CC8AF}.exe
{DD0ADD1A-9D30-4F5F-A2E0-330E5A9923D0}.exe
{C05D09D9-6988-40A0-86F8-103EA27B35D5}.exe
{DE9F566E-26D8-4ADD-A878-9047A7A0C7C3}.exe
{5807CB2C-E83E-4FBB-8383-EA8501B255D4}.exe
{E64E9DA5-5658-4520-969C-56921CE98738}.exe
{7A0FDA2A-63DB-46C4-B5E7-3F4F4B19E8A7}.exe
{5B02077C-504F-4D87-B87B-6CA25EDC8101}.exe
{156920F9-F70B-4321-81AA-A24F593FF475}.exe
{4ABCF86E-3584-4D55-A225-BD6DAE2C9AEC}.exe
{3EE97606-BE97-41F4-8823-9F0571675E3E}.exe
{52010BB2-677F-4BB6-880E-0304945A6EEE}.exe
{C117EBF6-996B-46E3-83B7-8029F86F5D38}.exe
{178A221F-35AF-4A6C-877C-DEF3EB8AED3A}.exe
{B7DF608E-A83A-43C9-853F-3DCBCABCB2EE}.exe
{0B13E88C-A415-4A05-BA81-687A4E0583E4}.exe
{AC14A161-0FED-4599-99EE-F609A643192B}.exe
{5FD79A91-DBC8-416F-A76A-FC000078BCAA}.exe
{C4642550-6B9E-481F-B03B-172D2B35061C}.exe
{3CB4BFF6-097B-455A-9174-DFD660962E72}.exe
{5FC1223C-15A8-41CD-9CD1-55A0403437EA}.exe
{09DA9A04-56ED-45AE-81E5-19E6E5FD1F75}.exe
{7017EBE6-3BBA-405C-A294-6A540FF77C42}.exe
{3ACF0D02-9646-4B7D-AA32-885C4B54AAEF}.exe
{77C85A8A-4238-4207-BFFF-9706A73698BF}.exe
{DBD66896-0AC7-4500-A556-C35D262D9950}.exe
{874A9EC6-46EC-422D-9395-885A9CC608D9}.exe
{12D1B120-CE93-4EAC-8F24-A5D8EE7EB93B}.exe
{36A9C2F7-E0AD-45B7-8E9F-FD1D520DA0E0}.exe
{3696C07F-50DD-4CFE-8137-1AB91A007E31}.exe
{8A06369F-4916-40CC-A953-DA1E31323191}.exe
{0E54F2B3-2F9B-4A96-B1CF-800AB059489A}.exe
{A56FFF1D-39F4-467B-9FF4-CE1E1818B40D}.exe
{63B1C3DE-02AE-4668-9E57-E87FE1B24382}.exe
{5BEB3C7A-BB7B-475A-A421-A7C8E8EB28FB}.exe
{CD1BB323-9C6B-4718-9614-E42DE2C8FFD6}.exe
{5B6E69F8-C4D5-483A-B2FB-8ED93D34696F}.exe
{3D31B633-CF9C-4B9C-AC09-3FECE8EB5FF1}.exe
{BF187B4C-88B7-4D6F-8F67-67DB6C195E94}.exe
{D8FED50E-7965-4284-817C-44CC5766947A}.exe
{CA43633E-0E11-422C-9913-C90B52166AFD}.exe
{20615B69-E117-4AB9-BE5A-76B11C905697}.exe
{4C1BCCF4-EB9F-4D43-BD67-32E87A1E64C9}.exe
{74CAE9F7-D071-4A8F-A436-4211AAF62434}.exe
{01F09B77-74F3-46D2-8586-7EE147E3331E}.exe
{A9A655B5-21D7-4FE5-AC5F-8A3B5141AF2F}.exe
{86A76CFB-F09E-4091-ADFB-6145C22BBC56}.exe
{ADFBF076-D801-48A2-A7C1-AFD449F9B8A3}.exe
{8FD0F961-EA3B-402A-8916-1B87D6A7C602}.exe
{5A81D330-14F9-48FA-8E1E-D1478B302820}.exe
{4F9F46AB-4D2B-41A5-9FED-BF450C47E4F1}.exe
{9687B3E0-48AF-49FE-82EA-626A1C70813A}.exe
{40EFAE4B-1498-4750-99ED-AAE5362D5E2A}.exe
{B554E081-01F6-417F-9207-3C8149A047ED}.exe
{0D1FE8C9-4A1B-46E5-A8FB-0802D558C62F}.exe
{75D98BA8-A5E8-41B8-BBB6-2E6D65D63619}.exe
{03276B9C-3364-4EDE-946F-7D5B6EDB59D9}.exe
{DE60AE4D-8DB9-43D9-BD61-86389B8D7DFE}.exe
{0922C267-1845-48BF-AB9C-9EE230858734}.exe
{ABE6D7E1-7FB5-488F-8821-38DAE7582C51}.exe
{1CC8EF60-75F9-4BD2-ABE4-8FA2BB107189}.exe
{7FFE9063-8A2D-4E24-BFDA-A41541296EE8}.exe
{2CFF98C0-EFD1-4713-AA2A-369C10332175}.exe
{91F6E3CC-3585-452F-BCC2-60FC212ED1EA}.exe
{3B60B287-3548-45EA-8D99-AA66AC966C88}.exe
{CCCF1314-9AFA-4290-B586-2CD07A0940DD}.exe
{E24F9D26-93EA-44FA-A5FE-56C3CFE417D9}.exe
{83F58C0F-23D3-4255-A570-3B7BA82CC63D}.exe
{776DF41F-3EC7-4C5C-8FD3-32A697E2E570}.exe
{BE7F4639-61CA-4D26-85FA-79D30422CDA2}.exe
{06D82B74-3E3E-4564-A023-E31691ADD2DE}.exe
{2EE5CA6B-A393-4CCB-AD25-6077B086037D}.exe
{91B75020-026F-4BB4-8B91-4755495A294B}.exe
{C1D9D89D-EE4C-4D7A-8212-DE4214423354}.exe
{9E148CA5-A233-4F93-9545-4D020536A41E}.exe
{8BFB176C-C3E3-4951-AE6C-BB31959B4691}.exe
{51318E5A-7361-40A8-8557-AC49CBC57BB0}.exe
{5D01D4C7-969A-4E7D-8C4B-8739D3E3CD76}.exe
{CB4A8952-BA39-4532-8717-61978C07FCF4}.exe
{ABE1AD99-99BC-4D7A-B663-3B69DDF81FFE}.exe
{DE7CA97F-CA68-41EC-B25A-A53A19014B9D}.exe
{8DC61014-9B57-4437-9827-B617A0B2000E}.exe
{0611D07C-F110-4B09-B868-F2A69B6C6FCF}.exe
{58F0A7D0-67A0-4E1E-B88C-D1EC1248A616}.exe
{B5639B36-79A4-47DB-9940-858110B673E5}.exe
{06E93F99-1575-4B29-9C2F-A51CB77D198A}.exe
{53255A48-4A78-43DD-963D-EC993896C13E}.exe
{56F513B6-4631-411E-8D6E-F5493261239A}.exe
{97540532-90BB-4E13-9540-136F84DCE717}.exe
{0998A371-E3B9-4AC5-9CEF-EA7CFD90BA9B}.exe
{9336D268-3154-46FD-966C-4B6B44EABBAC}.exe
{631918C9-CEA3-4026-BA6F-A3340BBBBBC9}.exe
{A7B3E947-6B59-44CB-BCBE-1DAD1A313AE1}.exe
{CC891487-9CA4-4C75-87E9-D5C2048C314B}.exe
{8A1BC973-FF54-4467-BFED-83E108F13628}.exe
{425A481F-4C42-4BDC-84C9-2AD374127DE8}.exe
{B6E1924D-8EAC-407D-B3BD-2BFA4A8D5C1B}.exe
{A5E1B1DB-A157-41A5-9F20-A6C8218D6BA0}.exe
{A6E60197-D54B-4E59-9F16-0D667003C793}.exe
{DB91148F-9FA5-467E-9BA1-748365BB188C}.exe
{18D8E311-4704-4590-A321-F8327E3F9D04}.exe
{4131B2F4-12AF-4FF8-9BD6-B01798D5FD62}.exe
{11DC07EF-E728-4D08-AF15-7C80F3EE3F71}.exe
{A0514035-37CC-4154-A35F-FFFCFAEDE44B}.exe
{88220C0C-DF78-485B-9E60-553F65219483}.exe
{D0E6869B-1C97-440A-83A6-CEFD8B328EEC}.exe
{779F0D9E-CBA9-4880-B1BF-CE87E704E608}.exe
{7B50D803-9F0F-46FD-BD99-F9C660FC7037}.exe
{D69755BD-9FAA-4848-93C7-05E14E78DB70}.exe
{796F671F-7B98-45ED-9E68-A80225B83691}.exe
{486B0524-E93E-4FA5-8523-8A7A6E45F57A}.exe
{30397F5F-9F3C-4F20-87A3-B14088092B32}.exe
{00CEA06D-CDC0-4EED-8B47-C83260A60DD9}.exe
{86093FC2-4334-4377-81D7-1E61935A6971}.exe
{42DB4903-8274-4BFD-92AC-592652838AA6}.exe
{10C2AD96-7CFC-4CA1-9298-54FA604D847C}.exe
{90617E97-1F14-4B23-A186-5C78D157CE4E}.exe
{8DC17ED8-D3F7-45E9-9C5F-2BF71038EA22}.exe
{334A3FA1-1795-4223-8570-C5ECE29634D7}.exe
{C852D2D3-D2F8-4370-ADC4-7CAA35762D6E}.exe
{6EF370FB-C318-4E84-BB8E-AAE8271AB16E}.exe
{29A033EC-DD94-474B-9776-CDD140EFB15F}.exe
{97B80A35-2392-4A34-B3AD-DA7C838F268E}.exe
{BA7E4583-B60D-4BE9-AF4B-7194FB1B9E83}.exe
{9919F10A-A18C-47FD-95A1-E23C9E0D71D8}.exe
{3F17F6F0-FBAB-42EA-96C5-C990AC1EE7CD}.exe
{293BC4E5-5A7A-41FA-9226-A8CEC62297E2}.exe
{4BA3DF80-F18D-4452-919D-CA4406DEC4B3}.exe
{823BC919-FB8D-41DA-ACC4-0AE5744724CA}.exe
{EA3DB63B-6C21-40D4-B172-468B798B776F}.exe
{95C576C5-48BD-4EBD-8095-959C7C9213BA}.exe
{C96E9B8E-281D-4D39-9ACB-B52E019EF682}.exe
{E0E9B7CD-1BE0-4539-8546-ABD2FC09D3DE}.exe
{7F058D0D-1C4A-4F6B-8459-4EF9097A35B5}.exe
{CF86AC0E-0192-475F-9D44-09EEC5C39FA1}.exe
{0E79CF28-23DD-432F-8BC5-1E6CFFFADE72}.exe
{B9A21E0E-5124-493D-B276-96AFF399B456}.exe
{72E0AE3E-79FE-4ECD-B031-5387F60792CB}.exe
{D53FD93B-8D31-4248-823E-A79480BA1D19}.exe
{86A9DBEA-780F-41FB-A1F7-FA8A167D5FFF}.exe
{C695331B-EB0D-4C1A-B628-3EFDD86F5250}.exe
{CCA2325C-4FCF-4B16-90CE-2EAED728A671}.exe
{C0805B8C-56D0-40B4-8862-F8D51DCBBF04}.exe
{16344800-4029-4F6E-8EFD-918927D5E696}.exe
{7395BDD4-237B-4349-90DD-A49B612FAA6A}.exe
{D86412A4-C146-43AB-8868-A31C3259326A}.exe
{8784927F-514A-468E-B25F-3375E9EB6189}.exe
{15803CB2-E858-484A-BB83-51BBC8B0570A}.exe
{18860182-4E7A-4147-82F6-C3DB7C60341A}.exe
{451F02C3-C073-4814-A3D0-89839BD5B49F}.exe
{703A6060-0EFB-44B5-A652-5E43BF393D79}.exe
{81DF23F4-8EF5-4642-A41A-2F5C15DA3689}.exe
{DFE1C8B2-7850-4CEB-9E4B-0046BC66BA72}.exe

Edited by luigi1181, 06 July 2006 - 05:35 AM.


#7 luigi1181

luigi1181
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 06 July 2006 - 05:35 AM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:19:43 PM 7/5/2006

+ Scan result:



C:\WINDOWS\system32\{00CEA06D-CDC0-4EED-8B47-C83260A60DD9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{01F09B77-74F3-46D2-8586-7EE147E3331E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{03276B9C-3364-4EDE-946F-7D5B6EDB59D9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0611D07C-F110-4B09-B868-F2A69B6C6FCF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{06D82B74-3E3E-4564-A023-E31691ADD2DE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{06E93F99-1575-4B29-9C2F-A51CB77D198A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0792A921-78DB-4F0C-A82C-0753DB6C77D7}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0922C267-1845-48BF-AB9C-9EE230858734}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0998A371-E3B9-4AC5-9CEF-EA7CFD90BA9B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{09DA9A04-56ED-45AE-81E5-19E6E5FD1F75}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0B13E88C-A415-4A05-BA81-687A4E0583E4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0D1FE8C9-4A1B-46E5-A8FB-0802D558C62F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0E54F2B3-2F9B-4A96-B1CF-800AB059489A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0E79CF28-23DD-432F-8BC5-1E6CFFFADE72}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{10C2AD96-7CFC-4CA1-9298-54FA604D847C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{11DC07EF-E728-4D08-AF15-7C80F3EE3F71}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{12D1B120-CE93-4EAC-8F24-A5D8EE7EB93B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{156920F9-F70B-4321-81AA-A24F593FF475}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{15803CB2-E858-484A-BB83-51BBC8B0570A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{16344800-4029-4F6E-8EFD-918927D5E696}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{16B45C2A-2439-4867-AF47-0E75E021F254}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{178A221F-35AF-4A6C-877C-DEF3EB8AED3A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{18860182-4E7A-4147-82F6-C3DB7C60341A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{18D8E311-4704-4590-A321-F8327E3F9D04}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{1CC8EF60-75F9-4BD2-ABE4-8FA2BB107189}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{20615B69-E117-4AB9-BE5A-76B11C905697}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{293BC4E5-5A7A-41FA-9226-A8CEC62297E2}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{29A033EC-DD94-474B-9776-CDD140EFB15F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{2CFF98C0-EFD1-4713-AA2A-369C10332175}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{2EE5CA6B-A393-4CCB-AD25-6077B086037D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{30397F5F-9F3C-4F20-87A3-B14088092B32}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{30FDBFD6-0351-4E22-9CAC-0AD567155B13}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{334A3FA1-1795-4223-8570-C5ECE29634D7}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3696C07F-50DD-4CFE-8137-1AB91A007E31}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{36A9C2F7-E0AD-45B7-8E9F-FD1D520DA0E0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3ACF0D02-9646-4B7D-AA32-885C4B54AAEF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3B60B287-3548-45EA-8D99-AA66AC966C88}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3CB4BFF6-097B-455A-9174-DFD660962E72}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3D31B633-CF9C-4B9C-AC09-3FECE8EB5FF1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3EE97606-BE97-41F4-8823-9F0571675E3E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3F17F6F0-FBAB-42EA-96C5-C990AC1EE7CD}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3F8DC941-ED6D-4F66-9349-F3FBF03F42E8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{40EFAE4B-1498-4750-99ED-AAE5362D5E2A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4131B2F4-12AF-4FF8-9BD6-B01798D5FD62}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{425A481F-4C42-4BDC-84C9-2AD374127DE8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{42DB4903-8274-4BFD-92AC-592652838AA6}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{451F02C3-C073-4814-A3D0-89839BD5B49F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{47FF20DA-1289-4059-B76E-020ABBC47BF4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{486B0524-E93E-4FA5-8523-8A7A6E45F57A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4ABCF86E-3584-4D55-A225-BD6DAE2C9AEC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4BA3DF80-F18D-4452-919D-CA4406DEC4B3}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4C1BCCF4-EB9F-4D43-BD67-32E87A1E64C9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4F9F46AB-4D2B-41A5-9FED-BF450C47E4F1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{51318E5A-7361-40A8-8557-AC49CBC57BB0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{52010BB2-677F-4BB6-880E-0304945A6EEE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{53255A48-4A78-43DD-963D-EC993896C13E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{56F513B6-4631-411E-8D6E-F5493261239A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5807CB2C-E83E-4FBB-8383-EA8501B255D4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{58F0A7D0-67A0-4E1E-B88C-D1EC1248A616}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5A81D330-14F9-48FA-8E1E-D1478B302820}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5B02077C-504F-4D87-B87B-6CA25EDC8101}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5B6E69F8-C4D5-483A-B2FB-8ED93D34696F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5BEB3C7A-BB7B-475A-A421-A7C8E8EB28FB}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5D01D4C7-969A-4E7D-8C4B-8739D3E3CD76}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5FC1223C-15A8-41CD-9CD1-55A0403437EA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5FD79A91-DBC8-416F-A76A-FC000078BCAA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{631918C9-CEA3-4026-BA6F-A3340BBBBBC9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{63B1C3DE-02AE-4668-9E57-E87FE1B24382}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{6EF370FB-C318-4E84-BB8E-AAE8271AB16E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7017EBE6-3BBA-405C-A294-6A540FF77C42}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{703A6060-0EFB-44B5-A652-5E43BF393D79}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{72E0AE3E-79FE-4ECD-B031-5387F60792CB}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7395BDD4-237B-4349-90DD-A49B612FAA6A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{74CAE9F7-D071-4A8F-A436-4211AAF62434}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{75D98BA8-A5E8-41B8-BBB6-2E6D65D63619}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{76EB975A-E877-4C62-8C6C-82E2606CC8AF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{776DF41F-3EC7-4C5C-8FD3-32A697E2E570}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{779F0D9E-CBA9-4880-B1BF-CE87E704E608}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{77C85A8A-4238-4207-BFFF-9706A73698BF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{796F671F-7B98-45ED-9E68-A80225B83691}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7A0FDA2A-63DB-46C4-B5E7-3F4F4B19E8A7}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7B50D803-9F0F-46FD-BD99-F9C660FC7037}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7F058D0D-1C4A-4F6B-8459-4EF9097A35B5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7FFE9063-8A2D-4E24-BFDA-A41541296EE8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{81DF23F4-8EF5-4642-A41A-2F5C15DA3689}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{823BC919-FB8D-41DA-ACC4-0AE5744724CA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{83F58C0F-23D3-4255-A570-3B7BA82CC63D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{86093FC2-4334-4377-81D7-1E61935A6971}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{86A76CFB-F09E-4091-ADFB-6145C22BBC56}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{86A9DBEA-780F-41FB-A1F7-FA8A167D5FFF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{874A9EC6-46EC-422D-9395-885A9CC608D9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8784927F-514A-468E-B25F-3375E9EB6189}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{88220C0C-DF78-485B-9E60-553F65219483}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8A06369F-4916-40CC-A953-DA1E31323191}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8A1BC973-FF54-4467-BFED-83E108F13628}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8BFB176C-C3E3-4951-AE6C-BB31959B4691}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8DC17ED8-D3F7-45E9-9C5F-2BF71038EA22}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8DC61014-9B57-4437-9827-B617A0B2000E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8FD0F961-EA3B-402A-8916-1B87D6A7C602}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{90617E97-1F14-4B23-A186-5C78D157CE4E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{91B75020-026F-4BB4-8B91-4755495A294B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{91F6E3CC-3585-452F-BCC2-60FC212ED1EA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9336D268-3154-46FD-966C-4B6B44EABBAC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{95C576C5-48BD-4EBD-8095-959C7C9213BA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9687B3E0-48AF-49FE-82EA-626A1C70813A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{97540532-90BB-4E13-9540-136F84DCE717}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{97B80A35-2392-4A34-B3AD-DA7C838F268E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9919F10A-A18C-47FD-95A1-E23C9E0D71D8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9E148CA5-A233-4F93-9545-4D020536A41E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A0514035-37CC-4154-A35F-FFFCFAEDE44B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A56FFF1D-39F4-467B-9FF4-CE1E1818B40D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A5E1B1DB-A157-41A5-9F20-A6C8218D6BA0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A6E60197-D54B-4E59-9F16-0D667003C793}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A7B3E947-6B59-44CB-BCBE-1DAD1A313AE1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A9A655B5-21D7-4FE5-AC5F-8A3B5141AF2F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{ABE1AD99-99BC-4D7A-B663-3B69DDF81FFE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{ABE6D7E1-7FB5-488F-8821-38DAE7582C51}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AC14A161-0FED-4599-99EE-F609A643192B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{ADFBF076-D801-48A2-A7C1-AFD449F9B8A3}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B554E081-01F6-417F-9207-3C8149A047ED}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B5639B36-79A4-47DB-9940-858110B673E5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B6E1924D-8EAC-407D-B3BD-2BFA4A8D5C1B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B7DF608E-A83A-43C9-853F-3DCBCABCB2EE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B9A21E0E-5124-493D-B276-96AFF399B456}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{BA7E4583-B60D-4BE9-AF4B-7194FB1B9E83}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{BE7F4639-61CA-4D26-85FA-79D30422CDA2}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{BF187B4C-88B7-4D6F-8F67-67DB6C195E94}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C05D09D9-6988-40A0-86F8-103EA27B35D5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C0805B8C-56D0-40B4-8862-F8D51DCBBF04}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C117EBF6-996B-46E3-83B7-8029F86F5D38}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C1D9D89D-EE4C-4D7A-8212-DE4214423354}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C4642550-6B9E-481F-B03B-172D2B35061C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C695331B-EB0D-4C1A-B628-3EFDD86F5250}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C852D2D3-D2F8-4370-ADC4-7CAA35762D6E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C9526CC6-BABE-46CD-BFA3-EACE1267ABE4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C96E9B8E-281D-4D39-9ACB-B52E019EF682}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CA43633E-0E11-422C-9913-C90B52166AFD}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CB4A8952-BA39-4532-8717-61978C07FCF4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CC891487-9CA4-4C75-87E9-D5C2048C314B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CCA2325C-4FCF-4B16-90CE-2EAED728A671}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CCCF1314-9AFA-4290-B586-2CD07A0940DD}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CD1BB323-9C6B-4718-9614-E42DE2C8FFD6}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CF86AC0E-0192-475F-9D44-09EEC5C39FA1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D0E6869B-1C97-440A-83A6-CEFD8B328EEC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D53FD93B-8D31-4248-823E-A79480BA1D19}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D69755BD-9FAA-4848-93C7-05E14E78DB70}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D86412A4-C146-43AB-8868-A31C3259326A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D8FED50E-7965-4284-817C-44CC5766947A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DB91148F-9FA5-467E-9BA1-748365BB188C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DBD66896-0AC7-4500-A556-C35D262D9950}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DD0ADD1A-9D30-4F5F-A2E0-330E5A9923D0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DE60AE4D-8DB9-43D9-BD61-86389B8D7DFE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DE7CA97F-CA68-41EC-B25A-A53A19014B9D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DE9F566E-26D8-4ADD-A878-9047A7A0C7C3}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E0E9B7CD-1BE0-4539-8546-ABD2FC09D3DE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E24F9D26-93EA-44FA-A5FE-56C3CFE417D9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E64E9DA5-5658-4520-969C-56921CE98738}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E6774340-5BD1-4119-9D74-B1C658C2E22D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E798F577-8432-4525-A9E5-2365A89BA985}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{EA3DB63B-6C21-40D4-B172-468B798B776F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cswcg.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.234:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.269:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.382:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Cookies\josh@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Local Settings\Temp\Cookies\josh@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.632:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.633:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.605:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.606:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.607:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.608:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.609:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.622:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.623:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.624:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.625:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.626:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.562:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.563:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Cookies\josh@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Local Settings\Temp\Cookies\josh@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.693:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.569:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.598:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Cookies\josh@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.613:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.577:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Counted : Cleaned with backup (quarantined).
:mozilla.285:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.286:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.287:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.202:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.209:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.215:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.216:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.217:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.223:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.231:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.232:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.233:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\w56p84ar.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.301:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.302:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.303:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.305:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.306:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.307:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.308:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.309:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.310:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.311:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.312:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.313:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.315:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.316:C:\Documents and Settings\Josh\Application Data\Mozilla\Fire

Edited by luigi1181, 06 July 2006 - 05:36 AM.


#8 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 06 July 2006 - 06:04 AM

OK,lets move on,the logs are just too big to post into a single reply.

Locate and Delete this file

C:\Documents and Settings\Josh\Favorites\Download Free Spyware Remover.url


Open FireFox and Click Tools--> Options--> Privacy

Click the "Clear" tab by everything but "Saved Passwords"


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


#9 luigi1181

luigi1181
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:10 AM

Posted 06 July 2006 - 08:21 AM

Scanning Report
Thursday, July 06, 2006 08:20:27 - 09:26:06

Computer name: LUIGIS
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 2 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System

Statistics
Scanned:

* Files: 26541
* System: 4957
* Not scanned: 5

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{E1CF86AD-7B5E-480B-BDF7-94AB01C3D493}.BIN
* C:\DOCUMENTS AND SETTINGS\JOSH\LOCAL SETTINGS\TEMP\HSPERFDATA_JOSH\884

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-07-06
* F-Secure Libra: 2.4.1, 2006-07-04
* F-Secure Orion: 1.2.37, 2006-07-05
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Pegasus: 1.19.0, 2006-06-04

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

Logfile of HijackThis v1.99.1
Scan saved at 9:28:20 AM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Documents and Settings\Josh\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#10 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 06 July 2006 - 12:03 PM

Lets have a fresh run with Ewido and see how these logs look now?

Make sure to check Ewido for any updates and go to Safe Mode and run a scan just as you did before.

Clean all it finds and save the report.

Restart normal and post the ewido log please.

#11 luigi1181

luigi1181
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:10 AM

Posted 06 July 2006 - 07:40 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:47:25 PM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Josh\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:28:30 PM 7/6/2006

+ Scan result:



:mozilla.15:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Cookies\josh@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Cookies\josh@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Cookies\josh@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Cookies\josh@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh\Cookies\josh@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).


::Report end


so does it look good? becuase i havent had anymore redicts/popups or other annoying things

#12 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 06 July 2006 - 08:18 PM

I think it looks alot better but I wanna be sure we havent left anything behind.


For these cookies and temp files,here is a good tool to help you maintain those weekly.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#13 luigi1181

luigi1181
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 07 July 2006 - 07:19 AM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 07, 2006 8:27:18 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/07/2006
Kaspersky Anti-Virus database records: 205448
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 83075
Number of viruses found: 2
Number of infected objects: 4 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:57:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\Josh\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Josh\Application Data\Aim\tdpotzgm\luigi118\cert8.db Object is locked skipped
C:\Documents and Settings\Josh\Application Data\Aim\tdpotzgm\luigi118\key3.db Object is locked skipped
C:\Documents and Settings\Josh\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\cert8.db Object is locked skipped
C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\formhistory.dat Object is locked skipped
C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\history.dat Object is locked skipped
C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\key3.db Object is locked skipped
C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\2b33idtz.Default User\parent.lock Object is locked skipped
C:\Documents and Settings\Josh\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Josh\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Josh\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Josh\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Josh\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\BitTorrent\uninstall.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\BitTorrent\uninstall.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\BitTorrent\uninstall.exe NSIS: infected - 2 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035023.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035024.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035025.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035026.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035027.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035028.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035029.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035030.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035031.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035032.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035033.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035034.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035035.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035036.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035038.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035039.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035040.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035041.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035042.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035043.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035044.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035045.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035046.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035047.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035048.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035049.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035050.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035051.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035052.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035053.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035054.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035055.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035056.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035057.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035058.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035059.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035060.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035061.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035062.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035063.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035064.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035065.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035066.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035067.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035068.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035069.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035070.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035071.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035072.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035073.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035074.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035075.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035076.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035077.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035078.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035079.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035080.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035081.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035082.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035083.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035084.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035085.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035086.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035087.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035088.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035089.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035090.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035091.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035092.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035093.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035094.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035095.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035096.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035097.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035098.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035099.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035100.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035101.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035102.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035103.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035104.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035105.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035106.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035107.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035108.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035109.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035110.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035111.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035112.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035113.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035114.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035115.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035116.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035117.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035118.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035119.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035120.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035121.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035122.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035123.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035124.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035125.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035126.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035127.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035128.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035129.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035130.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035131.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035132.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035133.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035134.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035135.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035136.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035137.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035138.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035139.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035140.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035141.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035142.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035143.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035144.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035145.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035146.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035147.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035148.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035149.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035150.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035151.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035152.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035153.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035154.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP349\A0035155.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{56A806DF-4BA5-483F-AD5D-D3E3DC4285CB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000005-00000000-00000003-00001102-00000004-20061102}.CDF Object is locked skipped

Scan process completed.

I left my computer on overnight to scan everything becuase it was late, when i came back to check in the morning i kept getting th pop-ups from my antivirus for the tr/click.526 the locations this time were mostly all in my restore...

and my web is running realy slow now too...

Edited by luigi1181, 07 July 2006 - 07:29 AM.


#14 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 07 July 2006 - 06:12 PM

Download ComboFix to your desktop.
Doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.

Post the contents of combofix.txt into the next reply.

#15 luigi1181

luigi1181
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:10 AM

Posted 08 July 2006 - 12:50 PM

It scanned but it didnt say i had to reboot... if i have to reboot after it, i will

Start Time= Sat 07/08/2006 13:55:43.85
Running from: C:\Documents and Settings\Josh\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-05 16:41:38 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-04 06:46:50 ( .D... ) "C:\Program Files\AntiVir PersonalEdition Classic"
2006-06-26 23:06:32 36728 ( A.... ) "C:\Documents and Settings\Josh\Application Data\GDIPFONTCACHEV1.DAT"
2006-06-22 05:47:18 181248 ( A.... ) "C:\WINDOWS\system32\rasmans.dll"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-19 16:19:42 571184 ( A.... ) "C:\WINDOWS\system32\LegitCheckControl.dll"
2006-06-19 16:19:26 304944 ( ..... ) "C:\WINDOWS\system32\WgaTray.exe"
2006-06-10 21:13:06 249856 ( ..... ) "C:\WINDOWS\Setup1.exe"
2006-06-10 21:13:04 73216 ( A.... ) "C:\WINDOWS\ST6UNST.EXE"
2006-06-08 18:19:52 5967776 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-06-03 08:20:00 ( .D... ) "C:\Program Files\GalaNet"
2006-06-02 11:06:50 57384 ( A.... ) "C:\WINDOWS\system32\avsda.dll"
2006-06-01 13:47:08 163840 ( A.... ) "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 13:47:08 27648 ( A.... ) "C:\WINDOWS\system32\jgpl400.dll"
2006-05-29 10:32:10 1496576 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2006-05-19 21:42:52 ( .D... ) "C:\Program Files\Sierra On-Line"
2006-05-19 10:06:04 3055104 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2006-05-18 00:24:26 450560 ( A.... ) "C:\WINDOWS\system32\jscript.dll"
2006-05-16 15:23:56 339968 ( ..... ) "C:\WINDOWS\system32\pxwave.dll"
2006-05-16 15:23:56 28672 ( ..... ) "C:\WINDOWS\system32\VXBLOCK.dll"
2006-05-16 15:23:54 1257472 ( ..... ) "C:\WINDOWS\system32\PxSFS.DLL"
2006-05-16 15:23:54 450560 ( ..... ) "C:\WINDOWS\system32\pxdrv.dll"
2006-05-16 15:23:54 430080 ( ..... ) "C:\WINDOWS\system32\px.dll"
2006-05-16 15:23:54 176128 ( ..... ) "C:\WINDOWS\system32\pxmas.dll"
2006-05-16 15:23:54 61440 ( ..... ) "C:\WINDOWS\system32\pxhpinst.exe"
2006-05-16 15:23:54 57344 ( ..... ) "C:\WINDOWS\system32\pxcpya64.exe"
2006-05-16 15:23:54 56832 ( ..... ) "C:\WINDOWS\system32\pxinsa64.exe"
2006-05-11 03:37:26 90112 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2006-05-10 00:25:22 663552 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2006-05-10 00:25:22 615424 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2006-05-10 00:25:22 532480 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2006-05-10 00:25:22 474112 ( A.... ) "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 00:25:22 448512 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2006-05-10 00:25:22 357888 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 00:25:22 251904 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
2006-05-10 00:25:22 205312 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 00:25:22 146432 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2006-05-10 00:25:22 96256 ( A.... ) "C:\WINDOWS\system32\inseng.dll"
2006-05-10 00:25:22 55808 ( A.... ) "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 00:25:22 39424 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2006-05-10 00:25:22 15872 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2006-05-10 00:25:20 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"
2006-05-10 00:25:20 1022976 ( A.... ) "C:\WINDOWS\system32\browseui.dll"
2006-05-10 00:25:20 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"
2006-04-29 06:07:48 5533696 ( A.... ) "C:\WINDOWS\system32\wmp.dll"
2006-04-27 09:02:46 5 ( A.... ) "C:\Documents and Settings\Josh\Application Data\kc.tmp"
2006-04-19 15:09:20 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll"
2006-04-19 15:09:20 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll"
2006-04-19 15:09:20 761856 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll"
2006-04-19 15:09:20 619156 ( A.... ) "C:\WINDOWS\system32\DivX.dll"
2006-04-18 17:34:58 109568 ( ..... ) "C:\WINDOWS\system32\pxinsi64.exe"
2006-04-18 17:31:14 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-04-18 17:31:14 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-04-18 17:30:58 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-04-18 17:30:30 53248 ( A.... ) "C:\WINDOWS\system32\dpuGUI10.dll"
2006-04-18 17:30:28 593920 ( A.... ) "C:\WINDOWS\system32\dpuGUI11.dll"
2006-04-18 17:30:28 344064 ( A.... ) "C:\WINDOWS\system32\dpus11.dll"
2006-04-18 17:30:28 294912 ( A.... ) "C:\WINDOWS\system32\dpu11.dll"
2006-04-18 17:30:28 294912 ( A.... ) "C:\WINDOWS\system32\dpu10.dll"
2006-04-18 17:30:28 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-04-18 17:30:28 90112 ( A.... ) "C:\WINDOWS\system32\dpl100.dll"
2006-04-18 17:30:28 57344 ( A.... ) "C:\WINDOWS\system32\dpv11.dll"
2006-04-18 17:30:24 245408 ( A.... ) "C:\WINDOWS\system32\unicows.dll"
2006-04-18 17:30:14 536576 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe"
2006-04-10 13:37:12 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-06 20:30 1,071,812,608 C:\hiberfil.sys
2006-07-05 17:30 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-05 17:30 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-04 06:46 57,384 C:\WINDOWS\system32\avsda.dll
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll
2006-06-19 16:19 304,944 C:\WINDOWS\system32\WgaTray.exe
2006-06-03 08:28 4,682 C:\WINDOWS\system32\npptNT2.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE\""
"CTHelper"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"BuildBU"="c:\\dell\\bldbubg.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"VVSN"="C:\\Program Files\\VVSN\\VVSN.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"TivoTransfer"="\"C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TivoTransfer.exe\" /auto:TivoTransfer /registry /service"
"TivoServer"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe\" /auto:TivoServer /registry /service"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,c2,01,00,00,00,00,00,00,3e,03,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KillAndClean]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KillAndClean"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\KillAndClean\\KillAndClean.exe\""
"inimapping"="0"



Contents of the 'Scheduled Tasks' folder

Completion time: Sat 07/08/2006 13:56:14.95
ComboFix ver 06.07.07 - This logfile is located at C:\ComboFix.txt




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users