Help Me Please!


  • This topic is locked
12 replies to this topic

#1 locachica


Posted 09 February 2007 - 11:39 AM

I have a lot of nasty popups and hijacking browsers, can you help? I ran SPYBOT SEARCH & DESTROY and removed files.

Logfile of HijackThis v1.99.1
Scan saved at 10:26:44 AM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\v6.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\DOCUME~1\AMANDA\MYDOCU~1\STEM~1\nopdb.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\?ymbols\??erinit.exe
C:\WINDOWS\TEMP\win3281.tmp.exe
C:\Program Files\Common Files\{37BF1CB6-0A6A-1033-0406-050409010001}\Update.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\AMANDA\LOCALS~1\Temp\Rar$EX00.031\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\miwje.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,weenoyg.exe
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{37BF1~1\Bar888.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [{37BF1CB6-0A6B-1033-0406-050409010001}] "C:\Program Files\Common Files\{37BF1CB6-0A6B-1033-0406-050409010001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [{37BF1CB6-0A6A-1033-0406-050409010001}] "C:\Program Files\Common Files\{37BF1CB6-0A6A-1033-0406-050409010001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aaou] "C:\DOCUME~1\AMANDA\MYDOCU~1\STEM~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...5000/model.html
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {AE3B25B6-4C21-4038-BD35-99A05B5EF3EB} - C:\WINDOWS\system32\s9ndzm6.dll
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll,BattyRun2.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing) :flowers:

Edited by locachica, 09 February 2007 - 11:41 AM.




#2 RichieUK

    Malware Assassin


  • Malware Response Team

Posted 09 February 2007 - 11:56 AM

Welcome locachica :thumbsup:

First of all, go to Control Panel > Add or Remove Programs, and remove Ipwindows if present, then reboot.

=================

Download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt
Post the smitfraudfix report into your next reply

==================

Please download/install AVG Anti-Spyware 7.5.
Please follow these instructions carefully.
Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.
Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

==================

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a log.
Post the C:\ComboFix.txt in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Reboot when you've finished.
Post the SmitfraudFix report, the AVG Anti-Spyware report, the C:\ComboFix.txt, and a new HijackThis log in your next reply.

Edited by RichieUK, 09 February 2007 - 11:57 AM.


#3 locachica


Posted 09 February 2007 - 05:36 PM

Amazing! I think it's better already (no popups!!) It's not even my computer (parent loaned to me) but I sure am glad you helped me fix it! I noticed though that Firefox seems to have been deleted in the process. Any idea why?

Here are my scan logs for all of those programs!

Thanks again!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:57:12 PM 2/9/2007

+ Scan result:



C:\WINDOWS\Temp\stdrun6.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fkillign.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun20.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun10.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\cfg32.exe -> Adware.BkdSpace : Cleaned with backup (quarantined).
C:\WINDOWS\stub_mm3.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238616.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238617.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238619.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238629.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\WINDOWS\ac3_0008.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0236529.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0234534.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\TWljaGFlbCBMZWU\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\TWljaGFlbCBMZWU\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\cmdinst.exe -> Adware.CommAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\nwnmff_e49.exe -> Adware.DollarRevenu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nsl7CA.dll -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\Program Files\Ipwindows\ipwins.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\Ipwindows\ipwins.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238647.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238648.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\Bar888.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc2\Bar888.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win14.tmp.exe -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winC58.tmp.exe -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\056FO9A3\unstall[1].exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun26.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238625.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238626.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238627.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\yz02.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun31.exe -> Adware.Nexus : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun32.exe -> Adware.Nexus : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun34.exe -> Adware.Nexus : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun45.exe -> Adware.Nexus : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun19.exe -> Adware.Nexus : Cleaned with backup (quarantined).
C:\Program Files\Outerinfo\OiUninstaller.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP642\A0242620.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP642\A0242622.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__t_i_g_s_m_w_._d_l_l_ -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\MirarSetup_876087.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Local Settings\Temp\b116.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\PLZCXE87\116[1].net -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Temp\temp.fr553C -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{37BF1CB6-0A6A-1033-0406-050409010001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{37BF1CB6-0A6A-1033-0406-050409010001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{37BF1CB6-0A6B-1033-0406-050409010001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{37BF1CB6-0A6B-1033-0406-050409010001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc2\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc3\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc3\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2349869914-3974805238-1718751495-1008\Dc2\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2349869914-3974805238-1718751495-1008\Dc7\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2349869914-3974805238-1718751495-1008\Dc7\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP639\A0231503.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP639\A0231504.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP639\A0231506.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\b116.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\b122.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\deskbar.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP642\A0242621.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__s_9_n_d_z_m_6_._d_l_l_ -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\histuay.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rnnypbw.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\DXC9.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\i2.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\i4.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\i93.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\i96.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun39.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun40.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5\014ZX1GC\DXCecho[1].exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\i21.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\i5.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\i73.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\i94.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\i9A.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun38.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun49.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\i3.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\i99.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun23.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\Common Files\wufu\wufud\wufuc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\adrotate.dll -> Adware.Trafgen : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ssqqqpn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tuvwutu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\RarSFX0\webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\RarSFX0\whInstaller.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\RarSFX0\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\RarSFX0\whAgent.exe -> Adware.Webhancer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun41.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun42.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun43.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun44.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun39.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun40.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun50.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun51.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238645.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun24.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun25.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\WINDOWS\pss\taskmgr.exeCommon Startup -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\eDonkey2000 Downloads\Windows.XP.SP2.KeyGen.rar/Windows Xp Sp2 Keygen with auto key changer [pleasuredome101]\1) Windows XP SP2 Keygen\KeyGen.exe -> Backdoor.Tagent.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dr.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\mc44a49.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\windows.exe -> Downloader.Adload.hw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238630.exe -> Downloader.Adload.hy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238631.exe -> Downloader.Adload.hy : Cleaned with backup (quarantined).
C:\mpnaaq7.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\ig-24725-mut17.exe -> Downloader.Agent.aox : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\ig-24725-mut17.exe -> Downloader.Agent.aox : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\ig-24725-mut17.exe -> Downloader.Agent.aox : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ST6JKXAB\ac3[1].txt -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4LE38PIV\ab_02[1].exe -> Downloader.Agent.bai : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q11PHJPH\ab_02[1].exe -> Downloader.Agent.bai : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0233538.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238644.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP642\A0239613.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP642\A0242608.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0234536.exe -> Downloader.Agent.bdr : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win31D1.tmp.exe -> Downloader.Agent.bdr : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win3271.tmp.exe -> Downloader.Agent.bdr : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win327B.tmp.exe -> Downloader.Agent.bdr : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun3.exe -> Downloader.Busky.az : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ѕystem\ѕеrvices.exe -> Downloader.Purit.co : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0235566.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238641.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP642\A0239614.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win1A.tmp.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win325D.tmp.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win327F.tmp.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winC60.tmp.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun21.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun22.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun11.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\installerwnusnewer.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\f457906.exe -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\f977328.exe -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\f977296.exe -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\f977468.exe -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238601.exe -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\f975703.exe -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\WINDOWS\pss\ngsgk.exeCommon Startup -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bwuip.dat -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cggfucr.dll -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vygfes.exe -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\165.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5\4DUVK9M7\al3[2].txt -> Downloader.Small : Cleaned with backup (quarantined).
C:\Program Files\microsoft frontpage\auxe.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\Program Files\microsoft frontpage\wokez.dll.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\VSL.dl_.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238639.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238640.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun35.exe -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun36.exe -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun37.exe -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun38.exe -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun36.exe -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun37.exe -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun47.exe -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun48.exe -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\Program Files\microsoft frontpage\wokez.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\VSL.dl_ -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun21.exe -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun22.exe -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4LE38PIV\ac3_0018[1].exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDQVSLUZ\ac3_0002[1].exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q11PHJPH\ac3_0018[1].exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\affiliate.exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PLZCXE87\affiliate[1].exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\dollarrev.exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun30.exe -> Downloader.Small.edb : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun33.exe -> Downloader.Small.edb : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun44.exe -> Downloader.Small.edb : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun17.exe -> Downloader.Small.edb : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win325F.tmp.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win3281.tmp.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\v6.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
C:\Program Files\Common Files\wufu\wufup.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\Program Files\Common Files\wufu\wufud\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\Program Files\Common Files\wufu\wufua.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\Program Files\Common Files\wufu\wufum.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\Program Files\Common Files\wufu\wuful.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\162.exe -> Downloader.Zlob.avo : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun23.exe -> Dropper.Agent.asr : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun24.exe -> Dropper.Agent.asr : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun12.exe -> Dropper.Agent.asr : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun26.exe -> Dropper.Agent.ata : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun27.exe -> Dropper.Agent.ata : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun28.exe -> Dropper.Agent.ata : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun14.exe -> Dropper.Agent.ata : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun16.exe -> Dropper.Agent.ata : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun5.exe -> Dropper.Agent.ata : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun24.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun25.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun25.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun1.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun13.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun9.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun47.exe -> Dropper.Agent.azk : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun50.exe -> Dropper.Agent.azk : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun54.exe -> Dropper.Agent.azk : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun7.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP639\A0231505.exe -> Dropper.Dolla.b : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun8.exe -> Dropper.MultiJoiner.13.h : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun2.exe -> Hijacker.IntelliAdvert : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun46.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun49.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\35_bn2b.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\cr52.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stampede0011.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun42.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun53.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\Program Files\BHO Plugin\uninstall.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\35_bn2b.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\cr52.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\rsi.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stampede0011.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\stdrun27.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\F1BNV23K\rsi[1].exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).
C:\Program Files\html1.htm -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\html2.htm -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PLZCXE87\wallpap[1].exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun33.exe -> Hijacker.VB.is : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun34.exe -> Hijacker.VB.is : Cleaned with backup (quarantined).
C:\WINDOWS\$NtUninstallKB900485$\doke.exe -> Hijacker.VB.is : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchost.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0234533.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0235545.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0236544.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0236558.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0237557.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238561.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238607.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP642\A0239611.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP642\A0241607.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP642\A0242607.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win31CF.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win326D.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win327D.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\WINDOWS\svchost.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\mst1B.tmp -> Not-A-Virus.Hoax.Win32.Renos.gi : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\mstC62.tmp -> Not-A-Virus.Hoax.Win32.Renos.gi : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drvkew.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP641\A0238623.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_01_13_2002.zip/Warez4Palm/Cracks/SubVert Uni-patchers/ClipSync Pro v3x Uni-patcher/ClipSync Pro v3x Uni-patcher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_01_13_2002.zip/Warez4Palm/Cracks/SubVert Uni-patchers/ClipSync v2x Uni-patcher/ClipSync.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_01_13_2002.zip/Warez4Palm/Cracks/SubVert Uni-patchers/Cryptor_v4x_Uni-patcher/Cryptor_Uni-patcher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_01_13_2002.zip/Warez4Palm/Cracks/SubVert Uni-patchers/HandsHigh/HandsHigh2.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_01_13_2002.zip/Warez4Palm/Cracks/SubVert Uni-patchers/Hot-Games v2.x Uni-patcher/Hot-Games.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_01_13_2002.zip/Warez4Palm/Cracks/SubVert Uni-patchers/JawzDataGator/Jawz-crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_01_13_2002.zip/Warez4Palm/Cracks/SubVert Uni-patchers/MaxSecret_unipatcher2/MaxSecret_unipatcher_fixed.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_01_13_2002.zip/Warez4Palm/Cracks/SubVert Uni-patchers/MegaDoc v1.x uni-patcher/MegaDoc v1.x.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_01_13_2002.zip/Warez4Palm/Cracks/SubVert Uni-patchers/MegaLauncher II v2.x Uni-patcher/MegaLauncher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_01_13_2002.zip/Warez4Palm/Cracks/SubVert Uni-patchers/Ultrasoft Money Uni-patcher/Ultrasoft.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_01_13_2002.zip/Warez4Palm/Cracks/TotalCar/pc_allwt/WitkoskiAllCrk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_01_13_2002.zip/Warez4Palm/TealPoint/Jle.Junky uni-patcher/TealPointAppsCrk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_05_07_2001.zip/Warez4Palm_05_07_2001/Warez4Palm/Cracks/SubVert Uni-patchers/ClipSync v2x Uni-patcher/ClipSync.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_05_07_2001.zip/Warez4Palm_05_07_2001/Warez4Palm/Cracks/SubVert Uni-patchers/Cryptor_v4x_Uni-patcher/Cryptor_Uni-patcher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_05_07_2001.zip/Warez4Palm_05_07_2001/Warez4Palm/Cracks/SubVert Uni-patchers/HandsHigh/HandsHigh2.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_05_07_2001.zip/Warez4Palm_05_07_2001/Warez4Palm/Cracks/SubVert Uni-patchers/Hot-Games v2.x Uni-patcher/Hot-Games.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_05_07_2001.zip/Warez4Palm_05_07_2001/Warez4Palm/Cracks/SubVert Uni-patchers/JawzDataGator/Jawz-crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_05_07_2001.zip/Warez4Palm_05_07_2001/Warez4Palm/Cracks/SubVert Uni-patchers/MaxSecret_unipatcher2/MaxSecret_unipatcher_fixed.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_05_07_2001.zip/Warez4Palm_05_07_2001/Warez4Palm/Cracks/SubVert Uni-patchers/MegaDoc v1.x uni-patcher/MegaDoc v1.x.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_05_07_2001.zip/Warez4Palm_05_07_2001/Warez4Palm/Cracks/SubVert Uni-patchers/MegaLauncher II v2.x Uni-patcher/MegaLauncher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_05_07_2001.zip/Warez4Palm_05_07_2001/Warez4Palm/Cracks/SubVert Uni-patchers/Ultrasoft Money Uni-patcher/Ultrasoft.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_05_07_2001.zip/Warez4Palm_05_07_2001/Warez4Palm/Cracks/TotalCar/pc_allwt/WitkoskiAllCrk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\Warez4Palm_05_07_2001.zip/Warez4Palm_05_07_2001/Warez4Palm/TealPoint/Jle.Junky uni-patcher/TealPointAppsCrk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\1200 Palm Apps\TnTFarts - 550 Palm Programs\mail_13_k_.zip/mail_13_k_/Mail+13Crk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Michael Lee\Local Settings\Application Data\Microsoft\CD Burning\apps\2_CDRWin 5.05 + Crack.zip/Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\install_gl.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.142:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.143:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.218:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.262:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.114:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.115:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.116:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.117:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.118:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.119:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.120:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.121:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.122:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.308:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.64:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.98:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.170:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
:mozilla.44:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.300:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.301:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.221:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.225:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.231:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.254:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.255:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.256:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.35:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.36:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.37:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.38:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.39:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.40:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.41:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.42:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.
:mozilla.102:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.104:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.105:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.106:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.107:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.108:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.109:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.110:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.111:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.264:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.265:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.271:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.272:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.273:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.21:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.100:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.79:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.80:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.81:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.82:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.83:C:\Documents and Settings\AMANDA\Application Data\Mozilla\Firefox\Profiles\k76x7msp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\AMANDA\Cookies\amanda@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager

#4 locachica

  • Topic Starter

  • Members
  • 11 posts

Posted 09 February 2007 - 05:37 PM

-------------------
ComboFix Scan:
"AMANDA" - 07-02-09 15:43:36 Service Pack 2
ComboFix 07-02-08.2 - Running from: "C:\Documents and Settings\AMANDA\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\deskbar_e49.exe
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\adrot-uninst.exe
C:\WINDOWS\system32\tpuninstall.exe
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\INSTALL.LOG
C:\Program Files\Common Files\{37BF1~1
C:\Program Files\Common Files\{37BF1~2
C:\DOCUME~1\AMANDA\Application Data\SearchToolbarCorp
C:\Program Files\Ipwindows
C:\Program Files\Outerinfo
C:\Program Files\outlook
C:\Program Files\VSAdd-in
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\AMANDA
C:\qoobox\purity\DOCUME~1\AMANDA\My Documents
C:\qoobox\purity\DOCUME~1\AMANDA\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\AMANDA\My Documents\STEM~1
C:\qoobox\purity\DOCUME~1\AMANDA\My Documents\STEM~1\nopdb.exe
C:\qoobox\purity\DOCUME~1\AMANDA\My Documents\STEM~1\??stem
C:\qoobox\purity\Program Files\Common Files\YMBOLS~1
C:\qoobox\purity\Program Files\Common Files\YMBOLS~1\??erinit.exe
C:\qoobox\purity\WINDOWS\SSTEM~1
C:\qoobox\purity\WINDOWS\SSTEM~1\SSTEM~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2007-01-09 to 2007-02-09 ))))))))))))))))))))))))))))))))))


2007-02-09 15:09 88,340 --a------ C:\WINDOWS\system32\rwpybjpw.exe
2007-02-09 15:09 76,412 --a------ C:\WINDOWS\system32\jcxllifg.dll
2007-02-09 15:09 118,804 --a------ C:\WINDOWS\system32\sruhcyrc.dll
2007-02-09 12:19 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-09 12:18 <DIR> d-------- C:\Program Files\Grisoft
2007-02-09 12:06 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-09 12:06 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-09 12:06 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-09 12:06 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-09 12:06 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-09 12:06 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-09 11:20 22,726 ---hs---- C:\WINDOWS\system32\awtuuus.dll
2007-02-09 10:49 <DIR> d-------- C:\Program Files\Lavasoft
2007-02-08 22:40 95,232 --a------ C:\WINDOWS\system32\dyogskl.dll
2007-02-08 22:40 88,340 --a------ C:\WINDOWS\system32\tcdtlxjr.exe
2007-02-08 22:40 22,647 ---hs---- C:\WINDOWS\system32\jkkhghh.dll
2007-02-08 21:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-08 20:09 <DIR> d---s---- C:\DOCUME~1\Guest\UserData
2007-02-08 20:09 <DIR> d-------- C:\DOCUME~1\Guest\Application Data\Viewpoint
2007-02-08 20:09 <DIR> d-------- C:\DOCUME~1\Guest\Application Data\Share-to-Web Upload Folder
2007-02-08 20:07 <DIR> d-------- C:\DOCUME~1\Guest\Application Data\SearchToolbarCorp
2007-02-08 20:07 <DIR> d-------- C:\DOCUME~1\Guest\Application Data\Google
2007-02-08 20:06 88,340 --a------ C:\WINDOWS\system32\qbnsaiwc.exe
2007-02-08 20:06 76,412 --a------ C:\WINDOWS\system32\yrembkse.dll
2007-02-08 20:04 1,048,576 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-02-08 20:04 <DIR> d-------- C:\DOCUME~1\Guest\Application Data\Symantec
2007-02-08 20:04 <DIR> d-------- C:\DOCUME~1\Guest\Application Data\Sun
2007-02-08 19:44 <DIR> d-------- C:\DOCUME~1\AMANDA\Application Data\Viewpoint
2007-02-08 18:41 <DIR> d-------- C:\WINDOWS\wufu
2007-02-08 18:41 <DIR> d-------- C:\Program Files\Common Files\wufu
2007-02-07 23:26 <DIR> d-------- C:\DOCUME~1\AMANDA\Application Data\ATTNaturalVoices
2007-02-07 21:28 <DIR> d-------- C:\Program Files\Thinkwell
2007-02-07 20:13 1,020,775 ---hs---- C:\WINDOWS\system32\qrqss.bak2
2007-02-07 12:36 <DIR> d-------- C:\lexmark
2007-02-07 10:25 <DIR> d-------- C:\DOCUME~1\AMANDA\Application Data\InterVideo
2007-02-07 10:23 <DIR> d-------- C:\DOCUME~1\AMANDA\Application Data\Lavasoft
2007-02-06 20:53 <DIR> d-------- C:\DOCUME~1\AMANDA\Application Data\Template
2007-02-06 20:13 88,340 --a------ C:\WINDOWS\system32\ubhykmwu.exe
2007-02-06 20:13 118,804 --a------ C:\WINDOWS\system32\bbphohxe.dll
2007-02-06 20:12 76,412 --a------ C:\WINDOWS\system32\bgeeutep.dll
2007-02-06 20:12 44,165 --a------ C:\WINDOWS\system32\lswtdssv.dll
2007-02-06 20:12 277,093 ---hs---- C:\WINDOWS\system32\ssqrq.dll
2007-02-06 20:12 1,005,399 ---hs---- C:\WINDOWS\system32\qrqss.bak1
2007-02-06 19:45 1,168 --a------ C:\WINDOWS\mozver.dat
2007-02-06 19:09 22,645 --------- C:\WINDOWS\system32\ssqqqpn.dll
2007-02-06 18:45 <DIR> d-------- C:\DOCUME~1\AMANDA\Contacts
2007-02-06 18:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-02-06 18:36 95,744 --a------ C:\WINDOWS\monterreya_unknown.exe
2007-02-06 18:25 <DIR> d-------- C:\Program Files\Mozilla Firefox
2007-02-06 18:15 <DIR> d-------- C:\DOCUME~1\AMANDA\Application Data\Adobe
2007-02-06 17:56 <DIR> d-------- C:\DOCUME~1\AMANDA\Application Data\Share-to-Web Upload Folder
2007-02-06 17:56 <DIR> d-------- C:\DOCUME~1\AMANDA\Application Data\Google
2007-02-06 17:53 1,572,864 --ah----- C:\DOCUME~1\AMANDA\NTUSER.DAT
2007-02-06 17:53 <DIR> d-------- C:\DOCUME~1\AMANDA\Application Data\Symantec
2007-02-06 17:53 <DIR> d-------- C:\DOCUME~1\AMANDA\Application Data\Sun
2007-01-27 16:28 95,744 --a------ C:\WINDOWS\system32\monterreya_unknown.exe
2007-01-27 16:28 95,744 --a------ C:\WINDOWS\system32\drivera.exe
2007-01-27 16:28 150,016 --a------ C:\WINDOWS\system32\drivera.dll
2007-01-27 16:21 94,720 --a------ C:\WINDOWS\system32\scewvjb.dll
2007-01-27 16:21 71,168 --a------ C:\WINDOWS\system32\fyedtfb.dll
2007-01-27 16:21 57,344 --a------ C:\WINDOWS\system32\lwaatsf.dll
2007-01-24 18:33 150,016 --a------ C:\WINDOWS\system32\durvilz.dll
2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-09 14:55 -------- d--h----- C:\Program Files\bho plugin
2007-02-08 22:39 -------- d-------- C:\Program Files\spywarebot
2007-02-08 21:22 12 --a------ C:\WINDOWS\bthservsdp.dat
2007-02-08 19:51 505 --a------ C:\WINDOWS\ttnlu.dll
2007-02-07 21:27 -------- d--h----- C:\Program Files\installshield installation information
2007-02-07 20:55 -------- d-------- C:\Program Files\awpr
2007-02-07 16:10 -------- d---s---- C:\DOCUME~1\AMANDA\Application Data\microsoft
2007-02-07 16:10 -------- d-------- C:\Program Files\textaloud
2007-02-06 19:41 -------- d-------- C:\Program Files\google
2007-02-06 18:44 -------- d-------- C:\Program Files\msn messenger
2007-02-06 18:26 -------- d-------- C:\DOCUME~1\AMANDA\Application Data\mozilla
2007-02-06 18:18 56 -r-hs---- C:\WINDOWS\system32\1bd9bf9fde.sys
2007-02-06 18:18 15694 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-02-06 18:00 -------- d-------- C:\DOCUME~1\AMANDA\Application Data\macromedia
2007-01-30 19:31 -------- d-------- C:\Program Files\davinci
2007-01-27 16:37 -------- d-------- C:\Program Files\real
2007-01-27 16:32 -------- d-------- C:\Program Files\rhapsody
2006-12-26 13:22 88340 --a------ C:\WINDOWS\system32\tvacwjsd.exe
2006-12-26 13:22 870927 ---hs---- C:\WINDOWS\system32\rrutv.bak1
2006-12-26 13:22 44052 --a------ C:\WINDOWS\system32\llvdhpji.dll
2006-12-26 01:03 -------- d-------- C:\Program Files\america online 9.0a
2006-12-20 19:53 -------- d-------- C:\Program Files\microsoft frontpage
2006-12-20 19:52 66048 --a------ C:\WINDOWS\system32\durvily.dll
2006-12-20 19:52 53 --a------ C:\WINDOWS\enlbqv.dat
2006-12-06 23:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Aaou"="\"C:\\DOCUME~1\\AMANDA\\MYDOCU~1\\STEM~1\\nopdb.exe\" -vt yazb"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\sruhcyrc.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk"
"backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Distillr\\AcroTray.exe "
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~2.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BTTray.lnk"
"backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe "
"item"="BTTray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Broadband Networking.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Broadband Networking.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Broadband Networking.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\\_18be6784.exe "
"item"="Microsoft Broadband Networking"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ngsgk.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ngsgk.exe"
"backup"="C:\\WINDOWS\\pss\\ngsgk.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ngsgk.exe"
"item"="ngsgk"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NkbMonitor.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\NkbMonitor.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\PICTUR~1\\NKBMON~1.EXE "
"item"="NkbMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Scheduled Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Scheduled Updates.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Quicken\\bagent.exe "
"item"="Quicken Scheduled Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^taskmgr.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\taskmgr.exe"
"backup"="C:\\WINDOWS\\pss\\taskmgr.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\taskmgr.exe"
"item"="taskmgr"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Lee^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\Michael Lee\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Palm\\HOTSYNC.EXE "
"item"="HotSync Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Lee^Start Menu^Programs^Startup^PartMetBackup.lnk]
"path"="C:\\Documents and Settings\\Michael Lee\\Start Menu\\Programs\\Startup\\PartMetBackup.lnk"
"backup"="C:\\WINDOWS\\pss\\PartMetBackup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Java\\J2RE14~1.2\\bin\\javaw.exe -cp \"C:\\Program Files\\MetFileRegenerator\\mfr3.jar\" com.bws42.mfr.PartMetBackup --loop --cwd \"C:\\Program Files\\eDonkey2000\""
"item"="PartMetBackup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aaou]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nopdb"
"hkey"="HKCU"
"command"="\"C:\\DOCUME~1\\AMANDA\\MYDOCU~1\\STEM~1\\nopdb.exe\" -vt yazb"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iexplore"
"hkey"="HKLM"
"command"="iexplore.exe [url="http://iesettingsupdate""]http://iesettingsupdate"[/url]
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Agent"
"hkey"="HKLM"
"command"="C:\\Program Files\\CyberLink\\PowerVCRII\\Agent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOL"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1123443662\\ee\\services\\safetyCore\\ver2_5_4_1\\AOLSP Scheduler.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ati2mdxx"
"hkey"="HKLM"
"command"="Ati2mdxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpqcmon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chckup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Netverchk"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\Netverchk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcappins"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\Shared\\mcappins.exe /v=3 /cleanup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQAPP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CPQHKey"
"hkey"="HKLM"
"command"="CPQHKey.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cpqset"
"hkey"="HKLM"
"command"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="drvkew"
"hkey"="HKLM"
"command"="rundll32.exe C:\\WINDOWS\\system32\\drvkew.dll,startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_e49"
"hkey"="HKLM"
"command"="c:\\\\dfndrff_e49.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dlbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bbphohxe"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\bbphohxe.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\doke]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="doke"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\$NtUninstallKB900485$\\doke.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EabServr"
"hkey"="HKLM"
"command"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDonkey2000]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="edonkey2000"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\eDonkey2000\\edonkey2000.exe\" -t"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsescn"
"hkey"="HKLM"
"command"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hfobe329]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w008b791.dll,n 006be32300000003008b791"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1123443662\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb04"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon03"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hphmon03.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon05"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hphmon05.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd05"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iHP-100]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iHPDetect"
"hkey"="HKLM"
"command"="C:\\Program Files\\iRiver\\iHP100\\iHPDetect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ipwindows\\ipwins.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irssyncd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="irssyncd"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\irssyncd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItalU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="italfds"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\italfds.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_e49"
"hkey"="HKLM"
"command"="c:\\\\kybrdff_e49.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kgjg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rnnypbw"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\rnnypbw.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lwaatsf.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lwaatsf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\lwaatsf.dll,mzkeqfd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McAgent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoodLogic Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MLService"
"hkey"="HKLM"
"command"="C:\\Program Files\\MoodLogic\\Service\\MLService.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoodLogic Updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updater"
"hkey"="HKLM"
"command"="C:\\Program Files\\MoodLogic\\Service\\Updater.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MPfTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms03271606935]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ms03271606935"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ms03271606935.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mylq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="??rvices"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\?ystem\\??rvices.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~1"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~1.DLL,NewDotNetStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_e49"
"hkey"="HKLM"
"command"="c:\\\\nwnmff_e49.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nmiodu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="??erinit"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\?ymbols\\??erinit.exe\" 99001122"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"command"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2p networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="p2pnetworking"
"hkey"="HKLM"
"command"="p2pnetworking.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSCastor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSCastor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\PSCastor\\PSCastor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PortAOL"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Scheduled"
"hkey"="HKLM"
"command"="C:\\Program Files\\V-Stream\\PVR Plus\\TVR\\Scheduled.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rnrxf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vygfes"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\vygfes.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetKbd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SetKbd"
"hkey"="HKLM"
"command"="SetKbd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpyHunter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSCRun"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1123443662\\ee\\SSCRun.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Duce6"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Duce6.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolbarInstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MirarSetup_876087"
"hkey"="HKLM"
"command"="c:\\MirarSetup_876087.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TotRecSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HighCriteria\\TotalRecorder\\TotRecSched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uqkwer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vygfes"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\vygfes.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBDetector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="USBDetector"
"hkey"="HKLM"
"command"="C:\\USBStorage\\USBDetector.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmtgjrpA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wmtgjrpA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\wmtgjrpA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wufu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wufum"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\wufu\\wufum.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{37BF1CB6-0A6A-1033-0406-050409010001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{37BF1CB6-0A6A-1033-0406-050409010001}\\Update.exe\" mc-110-12-0000272"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLTRYSVC"=dword:00000002
"WANMiniportService"=dword:00000002
"SymWSC"=dword:00000002
"SoundMAX Agent Service (default)"=dword:00000002
"Pml Driver"=dword:00000003
"Norton Ghost"=dword:00000002
"MCVSRte"=dword:00000002
"mcupdmgr.exe"=dword:00000003
"McShield"=dword:00000002
"hpqwmi"=dword:00000003
"GEARSecurity"=dword:00000002
"C-DillaCdaC11BA"=dword:00000002
"btwdins"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"AOLService"=dword:00000002
"AOL ACS"=dword:00000002
"LexBceS"=dword:00000002
"HPWebJetadmin"=dword:00000002
"AOL TopSpeedMonitor&q

#5 locachica

locachica
  • Topic Starter

  • Members
  • 11 posts

Posted 09 February 2007 - 05:39 PM

That IPWINDOWS file was not in the ADD+Remove files yet I notice it up there in my last post^^

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 09 February 2007 - 05:41 PM

Could you post the Smitfraudfix report, the Combofix.txt, and the new Hijackthis log please. :thumbsup:

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 09 February 2007 - 05:50 PM

Post the new Hijackthis log please :thumbsup:

#8 locachica

locachica
  • Topic Starter

  • Members
  • 11 posts

Posted 09 February 2007 - 06:02 PM

Sorry! I thought I had pasted this. Here it is.

It seems a lot better, but I just got one popup!

Logfile of HijackThis v1.99.1
Scan saved at 4:58:09 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1123443662\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1123443662\ee\aolsoftware.exe
c:\program files\common files\aol\1123443662\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\personal firewall\MpfTray.exe
C:\WINDOWS\system32\wscntfy.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\common files\aol\1123443662\ee\anotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\AMANDA\LOCALS~1\Temp\Rar$EX01.656\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,weenoyg.exe
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\sruhcyrc.dll",setvm
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aaou] "C:\DOCUME~1\AMANDA\MYDOCU~1\STEM~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...5000/model.html
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll,BattyRun2.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe




#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 09 February 2007 - 06:13 PM

You've no virus protection installed.
Download\install AVG Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_441a944.exe
Once installed update AVG's virus definitions and run a full system virus scan.

==================

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

==================

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Reboot, post the C:\vundofix.txt, the DrWeb.csv report, and a new Hijackthis log into your next reply.

#10 locachica

locachica
  • Topic Starter

  • Members
  • 11 posts

Posted 09 February 2007 - 06:21 PM

Thank you so very much. I am in the process of downloading those programs! :thumbsup:

#11 locachica

locachica
  • Topic Starter

  • Members
  • 11 posts

Posted 09 February 2007 - 08:54 PM

Oh no! It won't let me download AVG AV.
Local machine: installation failed
Installation:
Error: Action failed for file avg7rsw.sys: starting service....
The system cannot find the file specified. (2)
Rollback:
Error: Action failed for file avgamsvr.exe: starting service....
The service did not respond to the start or control request in a timely fashion. (1053)

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 09 February 2007 - 09:04 PM

Ok, forget that for now, follow the rest of the instructions please. :thumbsup:

#13 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 14 February 2007 - 06:28 PM

Due to the lack of feedback this topic will be closed.

If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.