
Can't Get Rid Of Cid Pop-ups!, I'm New And I Need Help


7 replies to this topic

#1 totez


Posted 24 April 2007 - 02:07 AM

Hi, I keep getting CiD popups when I open my Internet Explorer. I have BitDefender 10 and Spy Sweeper.

Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:03:30 AM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\smss.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\winlogon.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\services.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\lsass.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\svchost.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\svchost.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\devldr32.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Razer\CopperHead\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\CopperHead\razerofa.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\iexplore.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\winlogon.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Openwares LiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe"
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [razer] "C:\Program Files\Razer\CopperHead\razerhid.exe"
O4 - HKLM\..\Run: [Copperhead] "C:\Program Files\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Internet Explorer 6] iexplore.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Hole Thunk Nurb Team] "C:\Documents" and Settings\All Users.SYSTEM\Application Data\Deafburnholethunk\downloadrect.exe
O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\winlogon.exe
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer 6] iexplore.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM95\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [ProxyWay] "C:\Documents" and Settings\aristotle\Desktop\snd-proxyway2.2fixed.cracked.exe-dit\snd-proxyway2.2fixed.cracked.exe\proxyway.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PARTMORE] C:\DOCUME~1\ARISTO~1\APPLIC~1\LITELI~1\basespam.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM - DarkKnight Is Hot - C:\Program Files\AIM95abcdef\aim.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall_2006_02_11.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2816054b10c894...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135122112718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm200...ick/TMSetup.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools_2006_02_11.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/player/cab/bugsLoader20040708.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...329/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\SYSTEM32\WRLogonNTF.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\ipgv.exe" /s (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\nvsvc32.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thank you in advance.



#2 RichieUK

  • Malware Response Team

Posted 24 April 2007 - 06:11 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, totez.

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

*****************************

Click on Start>Control Panel>Add/Remove Programs.
Uninstall/remove any of the following programs if listed:
Netpumper
Bitroll
Bitgrabber
CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media

This is because they are often bundled with the malware you are dealing with.
Don't worry if none of them are present.
If you happened to remove any of them please restart your pc.

******************************

Download NoLop.exe to your desktop.

* First close any other programs you have running as this will require a reboot.
* Double click NoLop.exe to run it.
* Then click the button labelled "Search and Destroy".
* When scanning is finished you will be prompted to reboot only if infected, click 'OK'.
* Now click the "REBOOT" Button.
* A message should pop up from NoLop; if not, double click the program again and it will finish.
Post the contents of C:\NoLop.log and a new Hijack This log into your next reply.

*Note*
If you receive the error that mscomctl.ocx or one of its dependencies are not correctly registered, please download this file to your 'System32' folder then rerun the program: http://www.boletrice.com/downloads/mscomctl.ocx

Also post the contents of the results file Report.txt from the SDFix scan.

#3 totez


Posted 24 April 2007 - 08:12 PM

Hi, these are the .txt files you wanted.

From SDFix:


SDFix: Version 1.79

Run by aristotle - Tue 04/24/2007 - 17:36:49.12

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\ARISTO~1\Desktop\NEWFOL~1\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\SYSTEM32\SDKOM.EXE - Deleted
C:\DOCUME~1\ARISTO~1\LOCALS~1\Temp\ICD1.tmp\jinstall-1_5_0_09.inf - Deleted
C:\DOCUME~1\ARISTO~1\LOCALS~1\Temp\ICD1.tmp\jinstall.exe - Deleted
C:\a.bat - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\iexplore.exe - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\winlogon.exe - Deleted


Folder C:\DOCUME~1\ARISTO~1\LOCALS~1\Temp\ICD1.tmp - Removed

Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\\WINDOWS\\SYSTEM32\\CONFIG\\SYSTEM\\system32\\p3aodsvr.exe"="C:\\WINDOWS\\SYSTEM32\\CONFIG\\SYSTEM\\system32\\p3aodsvr.exe:*:Enabled:Bugs Player Control"
"C:\\WINDOWS\\SYSTEM32\\CONFIG\\SYSTEM\\system32\\p3bvsvr.exe"="C:\\WINDOWS\\SYSTEM32\\CONFIG\\SYSTEM\\system32\\p3bvsvr.exe:*:Enabled:Bugs Music VoD Control"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\WINDOWS\\SYSTEM32\\CONFIG\\SYSTEM\\system32\\BugsSvr.exe"="C:\\WINDOWS\\SYSTEM32\\CONFIG\\SYSTEM\\system32\\BugsSvr.exe:*:Enabled:Bugs Music Player Control"
"C:\\Program Files\\AIM100\\aim.exe"="C:\\Program Files\\AIM100\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\AIM100\\aim.exe"="C:\\Program Files\\AIM100\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\ARISTO~1\Desktop\NEWFOL~1\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\config\system.tmp.LOG

Finished

NoLop :

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\aristotle\Desktop
[4/24/2007]
[6:01:36 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---


Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 6:07:07 PM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\smss.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\winlogon.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\services.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\lsass.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\svchost.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\svchost.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Razer\CopperHead\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\devldr32.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Razer\CopperHead\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\wuauclt.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Openwares LiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe"
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [razer] "C:\Program Files\Razer\CopperHead\razerhid.exe"
O4 - HKLM\..\Run: [Copperhead] "C:\Program Files\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Internet Explorer 6] iexplore.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer 6] iexplore.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM95\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [ProxyWay] "C:\Documents" and Settings\aristotle\Desktop\snd-proxyway2.2fixed.cracked.exe-dit\snd-proxyway2.2fixed.cracked.exe\proxyway.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM - DarkKnight Is Hot - C:\Program Files\AIM95abcdef\aim.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall_2006_02_11.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2816054b10c894...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135122112718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm200...ick/TMSetup.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools_2006_02_11.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/player/cab/bugsLoader20040708.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...329/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\SYSTEM32\WRLogonNTF.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\ipgv.exe" /s (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


thanks.

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team

Posted 25 April 2007 - 02:41 AM

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
Network Security Service ( 11Fßä#·ºÄÖ`I)
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button.
Then change the 'Startup Type:' to 'Disabled'.
Now press Apply and then Ok and close any open windows.

Click Start>Run and type regedit then click OK.
Navigate to:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services
Scroll down the left pane, locate the service name:
Network Security Service ( 11Fßä#·ºÄÖ`I)
Right-click on it and choose 'Delete'.
Then reboot.

*****************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have HijackThis fix the following [if still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O4 - HKLM\..\Run: [Microsoft Internet Explorer 6] iexplore.exe
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer 6] iexplore.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\ipgv.exe" /s (file missing)


Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.
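An added example, not part of RichieUK's post or of any tool named in this thread: a Python triage of HijackThis lines like the ones listed for fixing above. The three heuristics (autorun command with no directory, service name with characters outside printable ASCII, and a '(file missing)' tag cross-checked against the log's own running-process list) and all function names are assumptions chosen for illustration, not the helper's stated method; the sample lines are copied from the log posted in this thread.

```python
import re
from typing import NamedTuple

# Lines copied (abridged) from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Microsoft Internet Explorer 6] iexplore.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer 6] iexplore.exe
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\ipgv.exe" /s (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
MISSING = "(file missing)"


class Finding(NamedTuple):
    rule: str   # name of the heuristic that fired
    entry: str  # the full log line, unchanged


def running_processes(lines):
    """Lower-cased paths under 'Running processes:' up to the first blank line."""
    procs, active = set(), False
    for line in lines:
        text = line.strip()
        if text == "Running processes:":
            active = True
        elif active and not text:
            break
        elif active:
            procs.add(text.lower())
    return procs


def executable(cmd):
    """Executable part of a command string as HijackThis prints it."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)(?=$|[\s"])', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(log):
    """Return Finding tuples for entries that deserve a manual look."""
    lines = log.splitlines()
    running = running_processes(lines)
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O4":
            o4 = O4_RE.match(body)
            # A bare file name is resolved through the search path, so the
            # log does not say which file on disk actually starts.
            if o4 and not re.search(r"[\\/]", executable(o4.group("cmd"))):
                findings.append(Finding("autorun-without-path", line))
        elif code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, _owner, path = parts
            # Heuristic: a localized name can trip this too.
            if any(not 32 <= ord(ch) <= 126 for ch in name):
                findings.append(Finding("service-name-garbled", line))
            if path.endswith(MISSING):
                exe = executable(path[: -len(MISSING)]).lower()
                # The same log lists running processes: if the "missing"
                # binary is running, the tag is unreliable for that entry.
                rule = ("missing-tag-contradicted" if exe in running
                        else "service-binary-not-running")
                findings.append(Finding(rule, line))
    return findings


def rules_for(findings, needle):
    """Set of rule names that fired on entries containing `needle`."""
    return {f.rule for f in findings if needle.lower() in f.entry.lower()}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:28} {finding.entry}")
```

The BitDefender services carry the same 'Unknown owner ... (file missing)' tags as the service removed above, yet their executables appear in the running-process list of the same log, so that tag alone is not a basis for deleting an entry.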

#5 totez

totez
  • Topic Starter

  • Members

Posted 25 April 2007 - 08:15 PM

Hello, thank you for all your help. I checked to see if the CiD ad came up when I opened Internet Explorer and it has not, but I will include the HijackThis log and the AVG report. But I have a couple of questions. I have BitDefender, AVG and Spy Sweeper, and all contain stuff in their own quarantine. If I use one of these programs to scan my computer, wouldn't it interfere with all the other quarantined stuff and say those are infected as well? Should I delete my quarantine? Another question is which spyware program I should open with my virus software (BitDefender 10): Spy Sweeper or AVG, or whichever you prefer. Thanks.


HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:11:27 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\smss.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\winlogon.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\services.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\lsass.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\svchost.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\svchost.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\Explorer.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Razer\CopperHead\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\devldr32.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Razer\CopperHead\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Openwares LiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe"
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [razer] "C:\Program Files\Razer\CopperHead\razerhid.exe"
O4 - HKLM\..\Run: [Copperhead] "C:\Program Files\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ProxyWay] "C:\Documents" and Settings\aristotle\Desktop\snd-proxyway2.2fixed.cracked.exe-dit\snd-proxyway2.2fixed.cracked.exe\proxyway.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM - DarkKnight Is Hot - C:\Program Files\AIM95abcdef\aim.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall_2006_02_11.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2816054b10c894...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135122112718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm200...ick/TMSetup.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools_2006_02_11.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/player/cab/bugsLoader20040708.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...329/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


AVG LOG FILE

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:02:27 PM 4/25/2007

+ Scan result:



C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1410\A0177687.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1410\A0177689.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1410\A0177690.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1410\A0177691.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\B4FM.dll -> Adware.BurnFree : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1410\A0177721.inf -> Adware.Dyfuca : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\CometTB.exe -> Adware.EZula : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1406\A0177329.dll -> Adware.PluginDL : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1406\A0177336.exe -> Adware.PluginDL : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\httppost.exe -> Adware.SpecialOffers : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\F1.dll -> Backdoor.Adbreak.d : Cleaned with backup (quarantined).
C:\Documents and Settings\aristotle\My Documents\download\totlez\LimeWire.Pro.v4.12.11.WinAll.Retail-CRD.rar/LimeWireWin.exe -> Backdoor.Delf.awa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1360\A0171468.exe -> Backdoor.Delf.awa : Cleaned with backup (quarantined).
C:\Documents and Settings\ADMIN\Local Settings\Temporary Internet Files\Content.IE5\XQZI6EVQ\Crackit-1069[1].zip/Crackit-1069.exe -> Backdoor.Hupigon.cec : Cleaned with backup (quarantined).
C:\Program Files\Rockstar Games\GTA San Andreas\hlm-intro.exe -> Backdoor.Hupigon.kg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1410\A0177692.exe -> Backdoor.Ruledor.b : Cleaned with backup (quarantined).
C:\Downloads\warn.zip/WarningTool.exe -> Backdoor.Small : Cleaned with backup (quarantined).
C:\Everything\warn\WarningTool.exe -> Backdoor.Small : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Totem Shared\Update\dial.dll.015 -> Dialer.DialerOffline : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1410\A0177716.dll -> Downloader.Keenval.l : Cleaned with backup (quarantined).
C:\Documents and Settings\aristotle\Desktop\New Folder\SDFix\backups\backups.zip/backups/iexplore.exe -> Downloader.NDI : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1412\A0179543.exe -> Downloader.NDI : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1412\A0179549.exe -> Downloader.NDI : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1410\A0177696.dll -> Downloader.QDown.ad : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1410\A0177688.exe -> Downloader.Stubby.a : Cleaned with backup (quarantined).
C:\Documents and Settings\aristotle\Shared\TS-AudioToMIDI Realtime Converter v3.30.zip/Crack/TS-AudioToMIDI.exe -> Dropper.Delf.xo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1406\A0177312.exe -> Dropper.Delf.xo : Cleaned with backup (quarantined).
C:\Program Files\Trainer Maker Kit\shared.dat -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1410\A0177701.dll -> Logger.Idly.c : Cleaned with backup (quarantined).
C:\Documents and Settings\aristotle\Desktop\New Folder\SDFix\backups\backups.zip/backups/winlogon.exe -> Proxy.Agent.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1412\A0179544.exe -> Proxy.Agent.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2024FD7-0654-4EFD-9E8D-DC59518E494B}\RP1412\A0179553.exe -> Proxy.Agent.kj : Cleaned with backup (quarantined).
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiaicpecpw6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiugczagpgydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiwoczaeogmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyekcpoeqamdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmygidzmkow6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmygodpadpwwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmykiczscqaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycgcjegoq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyekdjilowmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyghdzikoq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygicpsloaudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyolc5ikpg6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyoldzeaqaudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyomcpegpaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqpdpsgpg6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywkajkhpaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@ads.euniverseads[2].txt -> TrackingCookie.Euniverseads : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@euniverseads[1].txt -> TrackingCookie.Euniverseads : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@a.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.185:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.188:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.189:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\safety\Cookies\safety@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@ads.gamershell[1].txt -> TrackingCookie.Gamershell : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@gamershell[1].txt -> TrackingCookie.Gamershell : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@www.gamershell[2].txt -> TrackingCookie.Gamershell : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@gator[2].txt -> TrackingCookie.Gator : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@webpdp.gator[2].txt -> TrackingCookie.Gator : Cleaned.
C:\Documents and Settings\safety\Cookies\safety@webpdp.gator[1].txt -> TrackingCookie.Gator : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@hit.gemius[1].txt -> TrackingCookie.Gemius : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@adserv.internetfuel[2].txt -> TrackingCookie.Internetfuel : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@internetfuel[1].txt -> TrackingCookie.Internetfuel : Cleaned.
C:\Documents and Settings\safety\Cookies\safety@internetfuel[2].txt -> TrackingCookie.Internetfuel : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@linkbuddies[1].txt -> TrackingCookie.Linkbuddies : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.145:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\safety\Cookies\safety@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.84:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@www7.paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned.
C:\Documents and Settings\safety\Cookies\safety@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@mediatrack.popupsponsor[2].txt -> TrackingCookie.Popupsponsor : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@popupsponsor[2].txt -> TrackingCookie.Popupsponsor : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\safety\Cookies\safety@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.211:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.212:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@realguide.real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@www.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\safety\Cookies\safety@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.118:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.119:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@ads.specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@specificpop[2].txt -> TrackingCookie.Specificpop : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@spinbox[2].txt -> TrackingCookie.Spinbox : Cleaned.
:mozilla.205:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.109:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.110:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.111:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.112:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\aristotle\Cookies\aristotle@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.226:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.227:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.229:C:\Documents and Settings\aristotle\Application Data\Mozilla\Firefox\Profiles\e7fdvgol.default\cookies.tx

#6 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 26 April 2007 - 04:53 AM

But I have a couple of questions. I have BitDefender, AVG, Spy Sweeper, and all contain stuff in their own quarantine. If I use one of these programs to scan my computer, wouldn't it interfere with all the other quarantine stuff and say those are infected stuff as well? Should I delete my quarantine?

Yes, empty all quarantine folders, then empty your recycle bin.

And another question is which spyware program should I open with my virus software (BitDefender 10): Spy Sweeper or AVG, or whichever you prefer? Thanks.

It doesn't matter, whichever you personally prefer.

Edited by RichieUK, 29 April 2007 - 03:55 AM.


#7 totez

  • Topic Starter

  • Members
  • 4 posts

Posted 30 April 2007 - 01:46 AM

Hi, this is regarding the Lavasoft scan freezing.

Here is my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 11:39:32 PM, on 4/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\smss.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\winlogon.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\services.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\lsass.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\svchost.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\svchost.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Razer\CopperHead\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Razer\CopperHead\razerofa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Openwares LiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe"
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [razer] "C:\Program Files\Razer\CopperHead\razerhid.exe"
O4 - HKLM\..\Run: [Copperhead] "C:\Program Files\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ProxyWay] "C:\Documents" and Settings\aristotle\Desktop\snd-proxyway2.2fixed.cracked.exe-dit\snd-proxyway2.2fixed.cracked.exe\proxyway.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM - DarkKnight Is Hot - C:\Program Files\AIM95abcdef\aim.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall_2006_02_11.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2816054b10c894...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135122112718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm200...ick/TMSetup.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools_2006_02_11.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/player/cab/bugsLoader20040708.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...329/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


* I have also included the logfile for Ad-Aware

Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, April 28, 2007 10:47:44 PM
Using definitions file:SE1R167 23.04.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R167 23.04.2007
Internal build : 208
File location : C:\PROGRA~1\Lavasoft\AD-AWA~2\defs.ref
File size : 1128056 Bytes
Total size : 3686800 Bytes
Signature data size : 3645975 Bytes
Reference data size : 40313 Bytes
Signatures total : 96513
CSI Fingerprints total : 6927
CSI data size : 349125 Bytes
Target categories : 15
Target families : 1090


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:65 %
Total physical memory:1571852 kb
Available physical memory:1020588 kb
Total page file size:2470292 kb
Available on page file:2022524 kb
Total virtual memory:2097024 kb
Available virtual memory:2021304 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


4-28-2007 10:47:44 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 456
ThreadCreationTime : 4-29-2007 5:37:29 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 524
ThreadCreationTime : 4-29-2007 5:37:32 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 548
ThreadCreationTime : 4-29-2007 5:37:34 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 592
ThreadCreationTime : 4-29-2007 5:37:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 608
ThreadCreationTime : 4-29-2007 5:37:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 756
ThreadCreationTime : 4-29-2007 5:37:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 844
ThreadCreationTime : 4-29-2007 5:37:37 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\
ProcessID : 880
ThreadCreationTime : 4-29-2007 5:37:37 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\
ProcessID : 972
ThreadCreationTime : 4-29-2007 5:37:37 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 1104
ThreadCreationTime : 4-29-2007 5:37:38 AM
BasePriority : Normal
FileVersion : 9.35
ProductVersion : 9.35
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 1120
ThreadCreationTime : 4-29-2007 5:37:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 1136
ThreadCreationTime : 4-29-2007 5:37:38 AM
BasePriority : Normal
FileVersion : 9.35
ProductVersion : 9.35
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1320
ThreadCreationTime : 4-29-2007 5:37:40 AM
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:14 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1372
ThreadCreationTime : 4-29-2007 5:37:40 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:15 [nvsvc32.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 1404
ThreadCreationTime : 4-29-2007 5:37:41 AM
BasePriority : Normal
FileVersion : 6.14.10.9147
ProductVersion : 6.14.10.9147
ProductName : NVIDIA Driver Helper Service, Version 91.47
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 91.47
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [svchost.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\
ProcessID : 1504
ThreadCreationTime : 4-29-2007 5:37:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [wdfmgr.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 1620
ThreadCreationTime : 4-29-2007 5:37:44 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [xcommsvr.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Communicator\
ProcessID : 1744
ThreadCreationTime : 4-29-2007 5:37:47 AM
BasePriority : Normal
FileVersion : 1, 8, 11, 0
ProductVersion : 1, 8, 11, 0
ProductName : Softwin BitDefender Communicator Server
CompanyName : Softwin
FileDescription : BitDefender Communicator Server
InternalName : XCOMMSVR
LegalCopyright : Copyright © 2003-2004 Softwin
OriginalFilename : xcommsvr.exe
Comments : Manages communication between BitDefender components

#:19 [explorer.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\
ProcessID : 1952
ThreadCreationTime : 4-29-2007 5:37:51 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [bdss.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Scan Server\
ProcessID : 2004
ThreadCreationTime : 4-29-2007 5:37:52 AM
BasePriority : Normal


#:21 [fxssvc.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 2024
ThreadCreationTime : 4-29-2007 5:37:52 AM
BasePriority : Normal
FileVersion : 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.2.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Fax Service
InternalName : FXSSVC.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : FXSSVC.EXE

#:22 [livesrv.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Update Service\
ProcessID : 2044
ThreadCreationTime : 4-29-2007 5:37:53 AM
BasePriority : Normal
FileVersion : 10, 2, 0, 16
ProductVersion : 10, 2, 0, 16
ProductName : BitDefender 10
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Security Service
InternalName : LiveSrv
LegalCopyright : © 2007 SOFTWIN S.R.L.
OriginalFilename : livesrv.exe

#:23 [vsserv.exe]
FilePath : C:\Program Files\Softwin\BitDefender10\
ProcessID : 356
ThreadCreationTime : 4-29-2007 5:37:57 AM
BasePriority : Normal
FileVersion : 10, 2, 1, 114
ProductVersion : 10, 2, 1, 114
ProductName : BitDefender 10
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Security Service
InternalName : VSServ
LegalCopyright : © 2007 SOFTWIN S.R.L.
OriginalFilename : vsserv.exe

#:24 [daemon.exe]
FilePath : C:\Program Files\D-Tools\
ProcessID : 568
ThreadCreationTime : 4-29-2007 5:38:00 AM
BasePriority : Normal


#:25 [dlbfbmgr.exe]
FilePath : C:\Program Files\Dell AIO Printer A960\
ProcessID : 716
ThreadCreationTime : 4-29-2007 5:38:00 AM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Manager Executable
FileDescription : Dell AIO Printer A960 Button Manager
InternalName : dlbfbmgr.exe
OriginalFilename : dlbfbmgr.exe

#:26 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 720
ThreadCreationTime : 4-29-2007 5:38:00 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:27 [dlbfbmon.exe]
FilePath : C:\Program Files\Dell AIO Printer A960\
ProcessID : 784
ThreadCreationTime : 4-29-2007 5:38:00 AM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Monitor Executable
FileDescription : Dell AIO Printer A960 Button Monitor
InternalName : dlbfbmon.exe
OriginalFilename : dlbfbmon.exe

#:28 [razerhid.exe]
FilePath : C:\Program Files\Razer\CopperHead\
ProcessID : 1304
ThreadCreationTime : 4-29-2007 5:38:03 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : razerhid Application
FileDescription : razerhid MFC Application
InternalName : razerhid
LegalCopyright : Copyright © 2004
OriginalFilename : razerhid.EXE

#:29 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 708
ThreadCreationTime : 4-29-2007 5:38:04 AM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:30 [groovemonitor.exe]
FilePath : C:\Program Files\Microsoft Office\Office12\
ProcessID : 1496
ThreadCreationTime : 4-29-2007 5:38:04 AM
BasePriority : Normal


#:31 [bdmcon.exe]
FilePath : C:\PROGRA~1\Softwin\BITDEF~1\
ProcessID : 1328
ThreadCreationTime : 4-29-2007 5:38:04 AM
BasePriority : Normal
FileVersion : 10, 2, 0, 15
ProductVersion : 10, 2, 0, 15
ProductName : BitDefender 10
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Management Console
InternalName : Management Console
LegalCopyright : © 2006 SOFTWIN S.R.L.
OriginalFilename : bdmcon.exe

#:32 [bdagent.exe]
FilePath : C:\Program Files\Softwin\BitDefender10\
ProcessID : 1576
ThreadCreationTime : 4-29-2007 5:38:05 AM
BasePriority : Normal
FileVersion : 10, 2, 0, 16
ProductVersion : 10, 2, 0, 16
ProductName : Bitdefender 10
CompanyName : SOFTWIN S.R.L.
FileDescription : BDAgent Application
InternalName : BDSwitch
LegalCopyright : © 2006 SOFTWIN S.R.L.
OriginalFilename : BDSwitch.exe

#:33 [devldr32.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 1560
ThreadCreationTime : 4-29-2007 5:38:06 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:34 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1816
ThreadCreationTime : 4-29-2007 5:38:20 AM
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:35 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2128
ThreadCreationTime : 4-29-2007 5:38:20 AM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:36 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0_01\bin\
ProcessID : 2148
ThreadCreationTime : 4-29-2007 5:38:20 AM
BasePriority : Normal


#:37 [wscntfy.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 2204
ThreadCreationTime : 4-29-2007 5:38:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:38 [ctfmon.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\
ProcessID : 2284
ThreadCreationTime : 4-29-2007 5:38:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:39 [alg.exe]
FilePath : C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\
ProcessID : 2332
ThreadCreationTime : 4-29-2007 5:38:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:40 [aim.exe]
FilePath : C:\Program Files\AIM95\
ProcessID : 2400
ThreadCreationTime : 4-29-2007 5:38:26 AM
BasePriority : Normal
FileVersion : 5.5.3599
ProductVersion : 5.5.3599
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:41 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\
ProcessID : 2524
ThreadCreationTime : 4-29-2007 5:38:29 AM
BasePriority : Normal
FileVersion : 1, 2, 1128, 5462
ProductVersion : 1, 2, 1128, 5462
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:42 [razerofa.exe]
FilePath : C:\Program Files\Razer\CopperHead\
ProcessID : 2556
ThreadCreationTime : 4-29-2007 5:38:29 AM
BasePriority : Normal
FileVersion : 4.0.0.4
ProductVersion : 4.0.0.4
ProductName : Razer OFA
CompanyName : Razer Inc.
FileDescription : Razer OFA - On-the-Fly Sensitivity Adjustment
InternalName : RAZEROFA.EXE
LegalCopyright : Copyright © 2004 Razer Inc.
OriginalFilename : razerofa.exe

#:43 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 2612
ThreadCreationTime : 4-29-2007 5:38:33 AM
BasePriority : Normal
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:44 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 3140
ThreadCreationTime : 4-29-2007 5:39:39 AM
BasePriority : Normal


#:45 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 3416
ThreadCreationTime : 4-29-2007 5:46:52 AM
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>
10:48:14 PM Scan stopped by user

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:30.703
Objects scanned:81549
Objects identified:0
Objects ignored:0
New critical objects:0

I have tried looking it up online to see what the problem could be; it seems other people are having it too. It was suggested to defragment the computer, and I did that yesterday, but it still freezes at c:\windows\l33b

#8 RichieUK

Posted 30 April 2007 - 03:20 AM

Go to:
C:\WINDOWS\l33b
Right-click on the l33b folder and select 'Properties'.
Post as much information as you can from the 'Properties' window, so that we can possibly work out exactly what this folder is.