generally screwed



rectangle
2006-07-13, 00:22
I think my main problem is SurfSideKick, but I've got a whole host of others that S&D can't delete, and if it does delete some of them they come right back. Here's a log:

Logfile of HijackThis v1.99.1
Scan saved at 5:21:54 PM, on 7/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\U3B1bmt5\command.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\WINDOWS\System32\63656067636165.exe
C:\WINDOWS\win3208287543038.exe
C:\WINDOWS\sys03430382875.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Valve\Steam\Steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\WINDOWS\MBOLS~1\regedit.exe
C:\Program Files\AXFibula\AXFibula.exe
C:\Program Files\PSHope\PSHope.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
c:\windows\system32\pqdsregn.exe
C:\Program Files\Yazzle Snowball Wars\License.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\flide.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qhphpht.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinrqez.exe GID003
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\ds4dsp.exe reg_run
O4 - HKLM\..\Run: [BFC1BCC3BFBDC1C3] 63656067636165.exe
O4 - HKLM\..\Run: [win3208287543038] C:\WINDOWS\win3208287543038.exe
O4 - HKLM\..\Run: [{E0-01-1E-EE-ZN}] c:\windows\system32\pqdsregn.exe GID003
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [ms04303828754] C:\WINDOWS\ms04303828754.exe
O4 - HKLM\..\Run: [sys03430382875] C:\WINDOWS\sys03430382875.exe
O4 - HKLM\..\Run: [w0020371.dll] RUNDLL32.EXE w0020371.dll,I2 00051fff00020371
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-67-525-0000166.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [Owfd] C:\PROGRA~1\COMMON~1\SCURIT~1\PLORER~1.EXE
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Taeo] "C:\WINDOWS\MBOLS~1\regedit.exe" -vt yazr
O4 - HKCU\..\Run: [AXFibula] "C:\Program Files\AXFibula\AXFibula.exe"
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinrqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346E99} - C:\Program Files\Batty\Batty.dll
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\System32\mshta.dll
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\n62u0gf9e62.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3B1bmt5\command.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

tashi
2006-07-13, 00:57
Hello.

Previous topics:
http://forums.spybot.info/showthread.php?t=5002
http://forums.spybot.info/showthread.php?t=4045

Both closed because of lack of a response to the helper who answered you.
:spider:

rectangle
2006-07-13, 01:10
I know, I'm really sorry about the lack of response before, but I kind of boycotted my computer for a while because this spyware is so bad. I tried the things I was told to do before but they didn't help much, if at all. I'm using this thread to post the new and complete log and would REALLY appreciate some help. I'll pay attention this time, I promise :)

rectangle
2006-07-17, 01:13
So will I be helped with this or have I worn out my welcome? I'm very sorry for any inconvenience I've caused in the past.

tashi
2006-07-17, 02:05
Hello and sorry for the wait.

Please go here and post a link back to this topic to flag a helper.

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

LonnyRJones
2006-07-19, 21:22
Please download Look2Me-Destroyer.exe to your desktop.
http://www.atribune.org/content/view/28/
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 to five minutes. Click OK.
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Wait about four minutes, then turn your computer back on.

Please post the contents of Look2Me-Destroyer.txt and an uninstall list made from HijackThis. Here's how:
Create a hijackthis uninstall list
Start HiJackThis
Press 'Config'
Press 'Misc Tools'
Press 'Open Uninstall Manager'
Press 'Save List'
Save the log to a convenient location
Copy the log and post its contents in this thread

rectangle
2006-07-20, 02:39
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 7/19/2006 7:21:12 PM

Infected! C:\WINDOWS\system32\n62u0gf9e62.dll
Infected! C:\RECYCLER\NPROTECT\06630236.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP100\A0038516.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP100\A0039516.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP100\A0040516.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP100\A0040614.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP101\A0041616.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP104\A0042698.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP104\A0043952.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP104\A0043956.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP105\A0043982.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP105\A0044010.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP113\A0045200.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP117\A0046955.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP117\A0046973.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP118\A0048018.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP118\A0048977.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP119\A0049002.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP119\A0049019.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP120\A0050067.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP121\A0051022.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP123\A0051057.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP123\A0051206.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP123\A0052051.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP124\A0052091.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP124\A0052095.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP126\A0053094.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP126\A0054092.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP140\A0058092.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP141\A0059092.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP141\A0060092.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP141\A0061092.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP143\A0064094.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP143\A0064159.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP143\A0064167.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP143\A0065094.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP143\A0066092.dll
Infected! C:\System Volume Information\_restore{3FA6B1A0-69F2-40F5-ADC7-F70337522EB7}\RP144\A0066251.dll
Infected! C:\WINDOWS\system32\ajpmgr.dll
Infected! C:\WINDOWS\system32\altxprxy.dll
Infected! C:\WINDOWS\system32\axpmgmts.dll
Infected! C:\WINDOWS\system32\cTrds.dll
Infected! C:\WINDOWS\system32\cvrsrv.dll
Infected! C:\WINDOWS\system32\cyTrust.dll
Infected! C:\WINDOWS\system32\d2j02c1mgf.dll
Infected! C:\WINDOWS\system32\d8j00i1me8.dll
Infected! C:\WINDOWS\system32\d8j0li1m18.dll
Infected! C:\WINDOWS\system32\dn2801fue.dll
Infected! C:\WINDOWS\system32\dnr6019se.dll
Infected! C:\WINDOWS\system32\dOtaclen.dll
Infected! C:\WINDOWS\system32\e8200ifme82a0.dll
Infected! C:\WINDOWS\system32\en2ul1f91.dll
Infected! C:\WINDOWS\system32\en84l1lq1.dll
Infected! C:\WINDOWS\system32\enjql1151.dll
Infected! C:\WINDOWS\system32\enp6l17s1.dll
Infected! C:\WINDOWS\system32\fp6m03j1e.dll
Infected! C:\WINDOWS\system32\fp8q03l5e.dll
Infected! C:\WINDOWS\system32\fpn0035me.dll
Infected! C:\WINDOWS\system32\fpnm0351e.dll
Infected! C:\WINDOWS\system32\g0jo0a13ed.dll
Infected! C:\WINDOWS\system32\gp26l3fs1.dll
Infected! C:\WINDOWS\system32\gp4ol3h31.dll
Infected! C:\WINDOWS\system32\gpn6l35s1.dll
Infected! C:\WINDOWS\system32\hr2o05f3e.dll
Infected! C:\WINDOWS\system32\hrp2057oe.dll
Infected! C:\WINDOWS\system32\hrrm0591e.dll
Infected! C:\WINDOWS\system32\i2jqlc151f.dll
Infected! C:\WINDOWS\system32\i2lolc331f.dll
Infected! C:\WINDOWS\system32\i4600ejmehoa0.dll
Infected! C:\WINDOWS\system32\irn0l55m1.dll
Infected! C:\WINDOWS\system32\jtl2073oe.dll
Infected! C:\WINDOWS\system32\jtlu0739e.dll
Infected! C:\WINDOWS\system32\jtnu0759e.dll
Infected! C:\WINDOWS\system32\k2pmlc711f.dll
Infected! C:\WINDOWS\system32\k6pmlg7116.dll
Infected! C:\WINDOWS\system32\k8pm0i71e8.dll
Infected! C:\WINDOWS\system32\kt64l7jq1.dll
Infected! C:\WINDOWS\system32\l0r00a9med.dll
Infected! C:\WINDOWS\system32\l2j8lc1u1f.dll
Infected! C:\WINDOWS\system32\l44qleh51h4.dll
Infected! C:\WINDOWS\system32\l60ulgd9160.dll
Infected! C:\WINDOWS\system32\l8p2li7o18.dll
Infected! C:\WINDOWS\system32\lv2809fue.dll
Infected! C:\WINDOWS\system32\lv6609jse.dll
Infected! C:\WINDOWS\system32\m4pole731h.dll
Infected! C:\WINDOWS\system32\m8poli7318.dll
Infected! C:\WINDOWS\system32\mv0ul9d91.dll
Infected! C:\WINDOWS\system32\mvr4l99q1.dll
Infected! C:\WINDOWS\system32\mwvcp50.dll
Infected! C:\WINDOWS\system32\n0l8la3u1d.dll
Infected! C:\WINDOWS\system32\n62u0gf9e62.dll
Infected! C:\WINDOWS\system32\n64s0gh7e64.dll
Infected! C:\WINDOWS\system32\p0r40a9qed.dll
Infected! C:\WINDOWS\system32\p88q0il5e8q.dll
Infected! C:\WINDOWS\system32\rbcss.dll
Infected! C:\WINDOWS\system32\s4rsle971h.dll
Infected! C:\WINDOWS\system32\sai.dll
Infected! C:\WINDOWS\system32\sborprop.dll
Infected! C:\WINDOWS\system32\sxi.dll
Infected! C:\WINDOWS\system32\t6r80g9ue6.dll
Infected! C:\WINDOWS\system32\vnfilter.dll
Infected! C:\WINDOWS\system32\WUDMLOG.dll
Infected! C:\WINDOWS\system32\zmcommdb.dll

Attempting to delete infected files...


rectangle
2006-07-20, 02:39
Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCD

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A9EC08B6-AE63-44CD-BCA5-79BD12B6D5FB}"
HKCR\Clsid\{A9EC08B6-AE63-44CD-BCA5-79BD12B6D5FB}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4E478604-6425-4F73-93F6-7DFF7A3D59F1}"
HKCR\Clsid\{4E478604-6425-4F73-93F6-7DFF7A3D59F1}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7A722484-A0E2-4F0F-8C27-F72D8C9F721B}"
HKCR\Clsid\{7A722484-A0E2-4F0F-8C27-F72D8C9F721B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2542675C-7538-4F74-9C48-5FDCA2EB957F}"
HKCR\Clsid\{2542675C-7538-4F74-9C48-5FDCA2EB957F}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

rectangle
2006-07-20, 02:40
hijackthis uninstall log


ACTive Prep
Ad-aware 6 Personal
Adobe Photoshop 7.0
Adobe Reader 6.0.1
Ahead Nero Burning ROM
AOL Instant Messenger
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
autoSearch
Battlefield 1942
Battlefield 2 Standalone Demo Server
Battlefield 2(TM) Demo
BitTorrent 4.0.2
DeadAIM
DivX Player
DivX Web Player
Doom 3
FEAR SP Demo
FL Studio 5
GameSpy Arcade
Google Earth
HijackThis 1.99.1
IE Host R3
J2SE Runtime Environment 5.0 Update 1
K-Lite Codec Pack 2.42 Full
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech iTouch Software
Macromedia Flash Player 8
Macromedia Shockwave Player
MAIET Gunz
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5.0.3)
Need for Speed™ Most Wanted PC Demo
Norton AntiVirus 2003 Professional Edition
Norton WMI Update
NVIDIA Drivers
NvMixer
Outlook Express Q837009
Painkiller Multiplayer Demo
Painkiller SP Demo
Pariah Multiplayer Demo [Try&Die] (Shared Components)
PowerDVD
Quicklinks
QuickTime
RealPlayer
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Snowball Wars by OIN
SoulSeek 157 test 5
Soulseek Client 152
Spybot - Search & Destroy 1.4
Steam
Surf SideKick
TContext
Tom Clancy's Splinter Cell Chaos Theory
TrojanHunter 4.2
Unreal Tournament 2004 Demo
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889293
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891711
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB905915
Windows XP Hotfix (SP2) Q322011
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q819696
WinRAR archiver
WinTasks Trial
WinZip
Xfire (remove only)
X-Men(TM) Legends 2 Demo
ZoneAlarm

LonnyRJones
2006-07-20, 04:24
In Windows Control Panel > Add/Remove Programs, uninstall:
autoSearch
Quicklinks
Snowball Wars by OIN
Surf SideKick

TContext < I'm unsure of this, if you are to uninstall it

Restart the PC; once back, make and post another (new) HijackThis log.

rectangle
2006-07-20, 12:48
autosearch refused to uninstall (it just didn't go away or open any windows when I clicked "change/remove") and tc search told me that there was an error because it might have already been deleted and asked if I would like to remove it from the programs list. I kept it on there just in case. Here's the new log.

Logfile of HijackThis v1.99.1
Scan saved at 5:46:57 AM, on 7/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\63656067636165.exe
C:\windows\system32\pqdsregn.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\sys02543038287.exe
C:\WINDOWS\win3207828754303.exe
C:\Valve\Steam\Steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Program Files\PSHope\PSHope.exe
C:\WINDOWS\U3B1bmt5\command.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\mc-67-525-0000166.exe.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\flide.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qhphpht.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\nwinrqez.exe GID003
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\ds4dsp.exe reg_run
O4 - HKLM\..\Run: [BFC1BCC3BFBDC1C3] 63656067636165.exe
O4 - HKLM\..\Run: [{E0-01-1E-EE-ZN}] C:\windows\system32\pqdsregn.exe GID003
O4 - HKLM\..\Run: [w0020371.dll] RUNDLL32.EXE w0020371.dll,I2 00051fff00020371
O4 - HKLM\..\Run: [sys02543038287] C:\WINDOWS\sys02543038287.exe
O4 - HKLM\..\Run: [win3207828754303] C:\WINDOWS\win3207828754303.exe
O4 - HKLM\..\RunOnce: [myDfoKCq] cmd /c IF EXIST "C:\WINDOWS\System32\acwfs4t2.exe" del /s /q "C:\WINDOWS\System32\acwfs4t2.exe"
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-67-525-0000166.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [AXFibula] "C:\Program Files\AXFibula\AXFibula.exe"
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinrqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346E99} - C:\Program Files\Batty\Batty.dll
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\System32\mshta.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3B1bmt5\command.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

LonnyRJones
2006-07-20, 14:14
Hi
Open Add/Remove Programs and let it remove that autosearch entry.
Open a command prompt (Start > Run, type cmd, press Enter) and type
sc delete "cmdservice"
Press Enter, then type exit and press Enter to exit the command prompt.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Start HijackThis and place a check next to these items, if there.
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\flide.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qhphpht.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\nwinrqez.exe GID003
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\ds4dsp.exe reg_run
O4 - HKLM\..\Run: [BFC1BCC3BFBDC1C3] 63656067636165.exe
O4 - HKLM\..\Run: [{E0-01-1E-EE-ZN}] C:\windows\system32\pqdsregn.exe GID003
O4 - HKLM\..\Run: [w0020371.dll] RUNDLL32.EXE w0020371.dll,I2 00051fff00020371
O4 - HKLM\..\Run: [sys02543038287] C:\WINDOWS\sys02543038287.exe
O4 - HKLM\..\Run: [win3207828754303] C:\WINDOWS\win3207828754303.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-67-525-0000166.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [AXFibula] "C:\Program Files\AXFibula\AXFibula.exe"
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinrqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346E99} - C:\Program Files\Batty\Batty.dll
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\System32\mshta.dll
====================================
Hit Fix checked and close HijackThis. (Not to worry about a HijackThis error.)

Download Pocket Killbox to the desktop (version 2.0.0.648)
http://www.downloads.subratam.org/KillBox.exe
If you already have Killbox, ensure it is the latest version.
Start Killbox, place a tick next to [x] Delete on reboot, and press the ALL Files button.
Copy this whole list into the Windows clipboard, all the bolded below.

C:\WINDOWS\System32\63656067636165.exe
C:\windows\system32\pqdsregn.exe
C:\WINDOWS\sys02543038287.exe
C:\WINDOWS\win3207828754303.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Program Files\PSHope\PSHope.exe
C:\WINDOWS\U3B1bmt5\command.exe
C:\Program Files\Common Files\mc-67-525-0000166.exe.exe
C:\WINDOWS\System32\nwinrqez.exe
C:\Program Files\AXFibula\AXFibula.exe
C:\WINDOWS\System32\winupd.exe
C:\WINDOWS\System32\mshta.dll
C:\WINDOWS\system32\dwdsregt.exe
C:\Program Files\Batty\Batty.dll

Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say YES to the prompt to restart the pc.


Next:
Set Windows to show hidden files/folders and extensions.
For XP systems: open any folder, select the Tools menu and click Folder Options. Select the View tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Apply to confirm. Click OK.

1. Please download Ewido Anti-Malware (http://www.ewido.net/en/download/)

Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
Update the program and close it

2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.

Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As")
save as text Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
If it was saved as alcanshorty.bfu.txt rename to alcanshorty.bfu
Do not do anything with these yet!
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
4. Once in Safe Mode, Open Ewido:

Click on scanner
Scanner tab at the top and then click on Complete System Scan This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the
recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Close ewido anti-malware.
5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.

Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
6. Check for and fix any problems found with SpyBot

Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.
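
A small triage script for the kind of HijackThis lines picked out in the post above (F2, O4 Run keys, O20), added here as an illustration; it is not part of the thread and not HijackThis's own logic. The function names and the three heuristics (extra programs in the Winlogon Shell/UserInit values, Run entries with no directory path, a non-empty AppInit_DLLs value) are assumptions of this example, and the sample lines are copied from the 2006-07-20 log above.

```python
import ntpath
import re

# Lines copied from the 2006-07-20 HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\flide.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qhphpht.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BFC1BCC3BFBDC1C3] 63656067636165.exe
O4 - HKLM\..\Run: [w0020371.dll] RUNDLL32.EXE w0020371.dll,I2 00051fff00020371
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\System32\mshta.dll
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: (\w+)=(.*)$")
O4_RE = re.compile(r"^O4 - (HK[^:]+): \[(.*?)\] (.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
# A quoted path, or an unquoted one (spaces allowed) up to its file extension.
PROG_RE = re.compile(
    r'"([^"]+)"|(\S.*?\.(?:exe|dll|ocm|com|scr|bat))(?=[\s,]|$)', re.I)

# F2 lines report the Winlogon Shell and UserInit values; each is expected
# to name exactly one program.
WINLOGON_EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def split_command(cmd):
    """Split a Run-key command line into (program, remainder)."""
    cmd = cmd.strip()
    m = PROG_RE.match(cmd)
    if m:
        return (m.group(1) or m.group(2)), cmd[m.end():]
    head, _, rest = cmd.partition(" ")
    return head, rest


def check_f2(value_name, value):
    """Return programs in a Winlogon value other than the expected one."""
    expected = WINLOGON_EXPECTED.get(value_name.lower())
    if expected is None:
        return []
    items = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in items if ntpath.basename(p).lower() != expected]


def check_o4(command):
    """Return the program (or rundll32 target) if it has no directory path."""
    program, rest = split_command(command)
    if ntpath.basename(program).lower() == "rundll32.exe":
        program, _ = split_command(rest)  # judge the DLL, not rundll32
    if not program or ntpath.dirname(program):
        return None
    return program  # resolved through the search path, so worth a look


def triage(log_text):
    """Return (section, reason, item) tuples for lines worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = F2_RE.match(line)
        if m:
            for extra in check_f2(m.group(1), m.group(2)):
                findings.append(
                    ("F2", "extra program in Winlogon " + m.group(1), extra))
            continue
        m = O4_RE.match(line)
        if m:
            bare = check_o4(m.group(3))
            if bare:
                findings.append(
                    ("O4", "Run entry without a directory path", bare))
            continue
        m = O20_RE.match(line)
        if m and m.group(1).strip():
            # DLLs listed here load into every process that loads user32.dll.
            findings.append(
                ("O20", "AppInit_DLLs is not empty", m.group(1).strip()))
    return findings


if __name__ == "__main__":
    for section, reason, item in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {item}")
```

These heuristics only shortlist entries for a human to review; legitimate software can trip them and malware with a full path in a Run key will not.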

rectangle
2006-07-21, 19:07
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:53:25 AM 7/21/2006

+ Scan result:



C:\WINDOWS\Downloaded Program Files\instafin.dll -> Adware.404Search : Cleaned with backup (quarantined).
C:\Overpro-347.exe -> Adware.AdSrve : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iehost34.exe.tcf -> Adware.AdSrve : Cleaned with backup (quarantined).
C:\WINDOWS\system32\terabyte.exe -> Adware.AdSrve : Cleaned with backup (quarantined).
C:\WINDOWS\system32\unwise56.exe -> Adware.AdSrve : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SBJ6J56B\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SBJ6J56B\AppWrap[2].exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UBV2YM6E\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\983723.exe -> Adware.AdWast : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\Transpd.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\Tspd.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\InetGet2\webhost2.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633958.EXE -> Adware.Agent : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06634158.EXE -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\anklinla.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\beoepfap.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\eigbekih.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ibebdfik.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ihblajhl.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\knmhcgle.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nkgdgdlo.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\npcmkajd.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\backups\backup-20060408-142615-117.dll -> Adware.AlexaBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\altnet\adm25.dll.tcf -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\atl.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll.tcf -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msbe.dll.tcf -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\backups\backup-20060213-185647-263.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\backups\backup-20060213-185647-384.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\drp1.tmp\thnall1m.exe.tcf -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\ln_reco.exe.tcf -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\randreco.exe.tcf -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\temp\lc.exe.tcf -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\localNRD.dll.tcf -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\preInsln.exe.tcf -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\stub_ventjj.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\Olradpzd.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\maoqqsqz.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\nveqbagu.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\yyjrtjrz.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Program Files\Bpt\BPT.exe -> Adware.Broadcap : Cleaned with backup (quarantined).
C:\Program Files\Bpt\bptre_inst.exe.tcf -> Adware.Broadcap : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\bcre.exe.tcf -> Adware.Broadcap : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\bpt.cfg -> Adware.Broadcap : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\bptre.exe.tcf -> Adware.Broadcap : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\fecpy.exe.tcf -> Adware.Broadcap : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\bpc_inst.exe -> Adware.Broadcap : Cleaned with backup (quarantined).
HKLM\SOFTWARE\BPT -> Adware.BroadCastPC : Cleaned with backup (quarantined).
HKLM\SOFTWARE\BPT\121.zip -> Adware.BroadCastPC : Cleaned with backup (quarantined).
HKLM\SOFTWARE\BPT\123.zip -> Adware.BroadCastPC : Cleaned with backup (quarantined).
HKLM\SOFTWARE\BPT\124.zip -> Adware.BroadCastPC : Cleaned with backup (quarantined).
HKLM\SOFTWARE\BPT\131.zip -> Adware.BroadCastPC : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DInstaller2 -> Adware.BroadCastPC : Cleaned with backup (quarantined).
C:\!KillBox\AXFibula.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Program Files\Batty\Batty.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Program Files\FCAdvice\FCAdvice.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Program Files\FCAdvice\FCAdvice.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Runner.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\!KillBox\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\U3B1bmt5\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\BTB -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\BTB\IEToolbar -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\BTB\IEToolbar\Historysearch -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\BTB\IEToolbar\tb_items -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\Softomate -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\Softomate\BAToolbar -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw101B.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).

rectangle
2006-07-21, 19:08
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw174C.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw1BA1.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw21E7.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw28BA.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw2D7D.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw33D3.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw3AA6.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw3F59.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw4253.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw45AF.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw4C91.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw5116.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw5374.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw579B.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw5CD.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw5E6D.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw62F2.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw6550.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw6977.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw6FEC.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw7480.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw772C.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw7B14.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw81A8.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw863D.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw8917.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw8CE1.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw9365.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw9AF3.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkw9EDC.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwA33.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwA512.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwACDF.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwB0D7.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwB6FE.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwBE6D.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwC2D2.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwC8AB.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwD049.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwD4BE.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwDA97.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwE235.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwE6B9.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwEC73.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwF3E2.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwF857.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\dkwFE5E.tmp.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\uninstall.exe.tcf -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\v2.dll -> Adware.EliteBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\backup\EliteToolBar -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\WINDOWS\ms063828754302006.exe -> Adware.Enbrow : Cleaned with backup (quarantined).
C:\WINDOWS\justin.exe -> Adware.EZula : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ezPopStub.exe -> Adware.EZula : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nss1A5.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\WINDOWS\woinstall.exe.tcf -> Adware.EZula : Cleaned with backup (quarantined).
C:\ezStub.exe -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\fecpy.cfg -> Adware.FlashEnhancer : Cleaned with backup (quarantined).
C:\Program Files\Fen\Fen.dll.tcf -> Adware.FlashEnhancer : Cleaned with backup (quarantined).
C:\Program Files\Fen\t.bak -> Adware.FlashEnhancer : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\Xcpy1.cfg -> Adware.FlashTrack : Cleaned with backup (quarantined).
C:\WINDOWS\system32\atiiiexx.exe.tcf -> Adware.IEDriver : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cabinet5.exe.tcf -> Adware.IEDriver : Cleaned with backup (quarantined).
C:\WINDOWS\systb.exe.tcf/systb.dll -> Adware.ImiBar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\InstaFinder_inst.exe -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\INSTAFIN -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\INSTAFIN\Reports -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\INSTAFIN\Reports\38263 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\INSTAFIN\Reports\38264 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\INSTAFIN\Reports\38265 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\INSTAFIN\Reports\38265\Click -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633262.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633263.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633264.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633265.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633266.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633267.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633268.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633269.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633270.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633271.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633272.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633273.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633274.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633275.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633276.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633277.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633278.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633279.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633280.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633281.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633282.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633283.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633284.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633285.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633286.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633287.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633288.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633289.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633290.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633291.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633292.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633293.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633294.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633295.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633296.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633297.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633298.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).

rectangle
2006-07-21, 19:08
C:\RECYCLER\NPROTECT\06633299.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633300.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633301.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633302.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633303.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633304.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633305.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633306.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633307.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633308.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633309.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633310.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633311.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633312.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633313.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633314.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633315.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633316.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633317.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633318.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633319.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633320.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633321.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633322.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633323.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633324.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633325.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633326.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\mc-67-525-0000166.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\mc-67-525-0000166.exe.tcf -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Download\mc-67-525-0000166.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Windows\services32.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\Common Files\services.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\Common Files\system32.dll/Catcher.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\Common Files\system32.dll/cwebpage.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\DNS\Catcher.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\backups\backup-20051019-071047-410.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\ICD6.tmp\elite.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\eee2.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\eliteunstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\elos.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\noC=.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\backups\backup-20060205-025356-249.dll -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\9Wqiov7.exe.tcf -> Adware.Midaddle : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\bANm.dll -> Adware.Midaddle : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\v.exe.tcf -> Adware.Midaddle : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\wukJEgD.dll -> Adware.Midaddle : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\mit1A5.tmp.cab/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\mit1A5.tmp/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\mit1D.tmp.cab/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\mit1D.tmp/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\mit28.tmp.cab/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\mit28.tmp/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\!KillBox\PSHope.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\!KillBox\mshta.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Application Data\iwrl.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\rs.exe.tcf -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633948.EXE -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\backups\backup-20060213-185646-933.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\backups\backup-20060220-123941-448.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\VVSN_STAT0641Inst.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\DNS -> Adware.Shorty : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\searchlocate.exe -> Adware.Sidesearch : Cleaned with backup (quarantined).
C:\backups\backup-20060205-025355-243.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\0wao06rs.dll -> Adware.Sud : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\B8C2F.tmp/dgfgql.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633912.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633914.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633954.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i10.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i12.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i13.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i19.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i29.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i2C.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i3E.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i3F.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i4C.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i4D.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i58F.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i5D3.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i6.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i7.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i89.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i8A.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\iB.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\iE0.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\iE1.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633918.exe -> Adware.Surfside : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\u43.tmp -> Adware.Surfside : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\u45.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-1957994488-725345543-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\Common Files\fozr\fozrd\fozrc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\aclui872.exe -> Adware.UrlSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\advapi32.exe.tcf -> Adware.UrlSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cabview9.exe -> Adware.UrlSpy : Cleaned with backup (quarantined).
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).

rectangle
2006-07-21, 19:09
C:\Documents and Settings\Pawl\Local Settings\Temp\TBPS.exe.tcf -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\common.dll.tcf -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\temp.cab/IExploreSkins.exe -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\temp.cab/TBPS.exe -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\temp.cab/common.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\temp.cab/toolbar.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\toolbar.dll.tcf -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\InetGet\stubSafull.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\WINDOWS\MediaGateway.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\temp\WinAdCtlInstPack.exe.tcf -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\5gN.exe.tcf -> Adware.WinFetcher : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\JZoKkfc.exe.tcf -> Adware.WinFetcher : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~737587.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~814129.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~924553.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~955347.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\!KillBox\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\!KillBox\nwinrqez.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\!KillBox\pqdsregn.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\ZIFI002.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\pf78bb.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mwinmsag.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mwinmsap.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nwinrqaf.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nwinsqag.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\prdsregs.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\psdsregr.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pwintqaf.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rldsregk.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Error during cleaning.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLMBMHCJ\AppWrap[1].exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLMBMHCJ\AppWrap[2].exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lockbr.exe -> Backdoor.IRCBot.ll : Cleaned with backup (quarantined).
C:\WINDOWS\newname10.exe -> Downloader.Adload.ae : Cleaned with backup (quarantined).
C:\WINDOWS\newname5.exe -> Downloader.Adload.ae : Cleaned with backup (quarantined).
C:\WINDOWS\newname8.exe -> Downloader.Adload.ae : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard10.exe -> Downloader.Adload.am : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\drs.exe -> Downloader.Adload.j : Cleaned with backup (quarantined).
C:\Install.exe/drs.exe -> Downloader.Adload.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\MONEY1.exe -> Downloader.Adload.t : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchostsys\svchostrun.exe -> Downloader.Agent.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\acledit1.exe.tcf -> Downloader.Agent.adz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\adsnt097.exe.tcf -> Downloader.Agent.adz : Cleaned with backup (quarantined).
C:\WINDOWS\polmx3.exe.tcf -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\gokm.exe -> Downloader.Agent.afi : Cleaned with backup (quarantined).
C:\aebcq9z5w.exe -> Downloader.Agent.afi : Cleaned with backup (quarantined).
C:\krw1dn.exe -> Downloader.Agent.afi : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w001bf34.dll -> Downloader.Agent.ahv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w0020371.dll -> Downloader.Agent.ahv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w00958a3.dll -> Downloader.Agent.ahv : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\3736206_3708_1748_3768_75.41.tmp -> Downloader.Agent.tv : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\65814_700_1716_2480_75.41.tmp -> Downloader.Agent.tv : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\65830_380_2012_492_75.41.tmp -> Downloader.Agent.tv : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\66024_700_1716_2508_75.41.tmp -> Downloader.Agent.tv : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_251D.tmp -> Downloader.Agent.tv : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_45E8.tmp -> Downloader.Agent.tv : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_48A7.tmp -> Downloader.Agent.tv : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_6915.tmp -> Downloader.Agent.tv : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_6D9E.tmp -> Downloader.Agent.tv : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_82F5.tmp -> Downloader.Agent.tv : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_96F0.tmp -> Downloader.Agent.tv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fmista.exe.tcf -> Downloader.Apropo.n : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dx3topl.exe.tcf -> Downloader.Apropo.o : Cleaned with backup (quarantined).
C:\temp\optimize.exe.tcf -> Downloader.Dyfuca.da : Cleaned with backup (quarantined).
C:\WINDOWS\tct101.dll -> Downloader.Dyfuca.eg : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\wupdt.exe.tcf -> Downloader.Intexp.a : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633951.exe -> Downloader.PurityScan.cm : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\f15083640.exe -> Downloader.Qoologic.ac : Cleaned with backup (quarantined).
C:\installerus.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\tm56036.exe -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\tp7543.exe -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temporary Internet Files\Content.IE5\0PYJO9YB\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\Documents and Settings\baby pawl\Local Settings\Temp\tp7543.exe -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\Documents and Settings\baby pawl\Local Settings\Temporary Internet Files\Content.IE5\CT5HLR5Y\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\f100562.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\f100718.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\f111375.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\f1569671.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\f246843.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\f70968.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\f73453.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\uagcq.dat -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
[716] C:\WINDOWS\System32\ujryvkf.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\27.exe\27.exe -> Downloader.RPV.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\btv_1001.exe -> Downloader.RVP.e : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\bcre.cfg -> Downloader.RVP.e : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\breg.cfg -> Downloader.RVP.e : Cleaned with backup (quarantined).
C:\!KillBox\svchostsys.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\gimmysmileys1.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\s_install_ID8.exe -> Downloader.Small.aav : Cleaned with backup (quarantined).
C:\cygwid.exe -> Downloader.Small.bmx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winrun.exe -> Downloader.Small.bnz : Cleaned with backup (quarantined).
C:\Program Files\Common Files\InetGet2\mc-67-525-0000166.exe -> Downloader.Small.bqq : Cleaned with backup (quarantined).
C:\Program Files\Common Files\mc-67-525-0000166.exe.tcf -> Downloader.Small.bqq : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\MTE4MjM6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\MTE4MTU6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\idlemg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\inst_0004.exe -> Downloader.Small.cam : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\ac2_0006.exe -> Downloader.Small.cpu : Cleaned with backup (quarantined).
C:\ac2_0003.exe -> Downloader.Small.cpu : Cleaned with backup (quarantined).
C:\VSL.dl_ -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\explorer.exe -> Downloader.Small.cts : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\TVM_B5.EXE.tcf -> Downloader.Small.wk : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\conscorr.cab/conscorr.exe -> Downloader.Stubby.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\conscorr.exe.tcf -> Downloader.Stubby.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\i21E.tmp -> Downloader.Totavel.a : Cleaned with backup (quarantined).
C:\Program Files\Common Files\fozr\fozrp.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\Program Files\Common Files\fozr\fozra.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\Program Files\Common Files\fozr\fozrm.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\Program Files\Common Files\fozr\fozrl.exe -> Downloader.TSUpdate.p : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard8.exe -> Downloader.VB.aaa : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard9.exe -> Downloader.VB.aaf : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad9.exe -> Downloader.VB.aaf : Cleaned with backup (quarantined).
C:\WINDOWS\newname12.exe -> Downloader.VB.aaf : Cleaned with backup (quarantined).
C:\WINDOWS\newname13.exe -> Downloader.VB.aaf : Cleaned with backup (quarantined).
C:\WINDOWS\newname9.exe -> Downloader.VB.aaf : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard12.exe -> Downloader.VB.abd : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard13.exe -> Downloader.VB.abj : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard17.exe -> Downloader.VB.aci : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad17.exe -> Downloader.VB.aci : Cleaned with backup (quarantined).
C:\WINDOWS\newname17.exe -> Downloader.VB.aci : Cleaned with backup (quarantined).
C:\keyboard17.exe -> Downloader.VB.aci : Cleaned with backup (quarantined).
C:\mousepad17.exe -> Downloader.VB.aci : Cleaned with backup (quarantined).
C:\newname17.exe -> Downloader.VB.aci : Cleaned with backup (quarantined).
C:\!KillBox\sys02543038287.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\!KillBox\win3207828754303.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\WINDOWS\win32063828754302006.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Cxe0o.exe.tcf -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\WINDOWS\system32\IooziL8g.exe.tcf -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Qbh53q.exe.tcf -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\WINDOWS\system32\QvtZS.exe.tcf -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Rox624U2.exe.tcf -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\WINDOWS\system32\YsiMH2.exe.tcf -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\WINDOWS\errorhandler.exe -> Downloader.VB.nw : Cleaned with backup (quarantined).
C:\newname3.exe -> Downloader.VB.ri : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mmxleeman.exe -> Downloader.VB.sh : Cleaned with backup (quarantined).
C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\WINDOWS\sms112x.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mmxp2passion.exe -> Downloader.VB.uc : Cleaned with backup (quarantined).
C:\WINDOWS\surv3.exe -> Downloader.VB.vv : Cleaned with backup (quarantined).
C:\WINDOWS\winsysupd10.exe -> Downloader.VB.wg : Cleaned with backup (quarantined).
C:\WINDOWS\winsysupd6.exe -> Downloader.VB.wg : Cleaned with backup (quarantined).
C:\gimmysmileys.exe -> Downloader.VB.xu : Cleaned with backup (quarantined).
C:\keyboard.exe -> Downloader.VB.xv : Cleaned with backup (quarantined).
C:\keyboard1.exe -> Downloader.VB.ys : Cleaned with backup (quarantined).
C:\keyboard3.exe -> Downloader.VB.yv : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard5.exe -> Downloader.VB.zl : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~294032.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~307563.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~452350.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~519097.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~532536.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~662824.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~668597.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~671138.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~672555.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~674407.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~677444.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~682223.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~686441.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~696009.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~709821.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~787722.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~801624.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\~832192.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\WINDOWS\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
C:\302.exe -> Dropper.Agent.anu : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\pre.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\LottoFun.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wm.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\temp\KB887472-x86.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UBV2YM6E\setup_file[1].exe -> Dropper.Agent.za : Cleaned with backup (quarantined).
C:\WINDOWS\UnstSA2.exe -> Dropper.Delf.z : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\echo.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).

rectangle
2006-07-21, 19:09
C:\WINDOWS\SS1001.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633952.EXE -> Dropper.VB.mz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Cleaned with backup (quarantined).
C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Desktop\Unused Desktop Shortcuts\TagASaurus.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\winsysupd4.exe -> Hijacker.StartPage.ahg : Cleaned with backup (quarantined).
C:\WINDOWS\winsysupd5.exe -> Hijacker.StartPage.ahg : Cleaned with backup (quarantined).
C:\WINDOWS\pzbmtkwA.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\mousepad.exe -> Hijacker.VB.li : Cleaned with backup (quarantined).
C:\mousepad1.exe -> Hijacker.VB.li : Cleaned with backup (quarantined).
C:\mousepad3.exe -> Hijacker.VB.lv : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad10.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad5.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad12.exe -> Hijacker.VB.mo : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad13.exe -> Hijacker.VB.mo : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\ICD2.tmp\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Ignored.
C:\Documents and Settings\Pawl\Local Settings\Temp\ICD3.tmp\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Ignored.
C:\Documents and Settings\Pawl\Local Settings\Temp\ICD4.tmp\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Ignored.
C:\Documents and Settings\Pawl\Local Settings\Temp\ICD5.tmp\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Ignored.
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
:mozilla.6:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@wholesalemarketer.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.24:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.126:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.219:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.220:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.221:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.222:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.223:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.23:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.105:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.106:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.107:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.179:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.180:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.181:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.182:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.183:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.110:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.42:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.43:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.44:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.45:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.46:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.48:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@www.cj[1].txt -> TrackingCookie.Cj : Cleaned.
:mozilla.24:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.31:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.32:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.33:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.34:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.87:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.25:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.85:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.120:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.210:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.60:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.61:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.62:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.10:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.11:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.12:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.27:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.34:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.35:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.36:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.37:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.38:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.7:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.8:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.9:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.37:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.70:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.121:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.122:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.66:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.67:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.68:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Pawl\Local Settings\Temp\Cookies\pawl@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned.
:mozilla.133:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.134:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.135:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.6:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\kq70tmv8.pawl\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.7:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\kq70tmv8.pawl\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.8:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\kq70tmv8.pawl\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.218:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.236:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.237:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.83:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.84:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.109:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.110:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.54:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.55:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.56:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

rectangle
2006-07-21, 19:10
C:\Documents and Settings\Pawl\Cookies\pawl@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Pawl\Local Settings\Temp\Cookies\pawl@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.118:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.119:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.120:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.58:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.59:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.136:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.137:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.138:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.139:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.140:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.141:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.142:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.143:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.131:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@ads01.revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.35:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.36:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\baby pawl\Cookies\baby pawl@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.133:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.134:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.135:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.136:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.116:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.117:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.52:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.53:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.35:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.36:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.38:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.40:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.124:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.125:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.104:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.106:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.107:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.109:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.16:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.17:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.18:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.19:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.19:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.20:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.20:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.21:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.22:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.142:C:\Documents and Settings\Pawl\Application Data\Mozilla\Firefox\Profiles\qyw5kx2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.76:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\je0mfull.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.53:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.54:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\Documents and Settings\baby pawl\Application Data\Mozilla\Firefox\Profiles\2hdxlf4i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Pawl\Cookies\pawl@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.

rectangle
2006-07-21, 19:11
C:\Documents and Settings\Pawl\Local Settings\Temp\197186_2836_1204_3208_79.41.tst1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\3736206_3708_1748_3768_75.41.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\65814_700_1716_2480_75.41.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\65830_380_2012_492_75.41.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\66024_700_1716_2508_75.41.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\6619854_1188_212_2536_79.41.tst1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\131364_888_228_1340_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\131454_1364_416_3072_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\196796_66048_1708_66280_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\196850_43568_3008_43700_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\2425164_58856_72560_72696_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\2425164_58856_72560_72892_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\262686_5196_3364_5324_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\3015346_58856_72560_72916_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\394096_42624_156_42904_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\394320_24252_360_24328_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\524502_73480_360_70036_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\65814_700_1740_2492_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\66024_700_1740_2520_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\66024_700_1740_2524_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\66030_412_728_2532_76.41.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_11A.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_1298.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_16CF.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_1D34.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_23F7.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_28AB.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_2F10.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_35F3.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_3A97.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_3D91.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_40FC.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_46BB.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_47DE.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_4C63.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_4EC1.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_52D8.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_5631.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_580.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_59AB.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_5E2F.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_609D.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_64C4.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_66A5.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_6831.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_6B29.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_6FBD.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_7279.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_7642.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_7866.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_7B50.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_7CC6.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_8464.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_882D.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_8EC2.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_9640.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_9A29.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_A06F.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_A81C.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_AC34.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_B25A.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_B58.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_B9BA.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_BE1F.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_C3E8.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_CA64.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_CB16.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_CB96.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_D01A.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_D5E4.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_D606.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_DBA7.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_DD53.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_E1D7.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_E7C0.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_EF2F.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_F3A4.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\k_F9AB.tmp -> Trojan.EliteBar.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\1114766_332_336_3456_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\1115832_3368_2024_2968_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\1311654_412_1912_3260_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\131404_2812_564_2916_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\133432_3368_2024_2092_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\133644_3368_2024_1320_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\133778_3368_2024_1012_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\134104_3368_2024_1768_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\134300_3368_2024_1592_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\1378432_3628_2752_892_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\1575074_3628_2752_3932_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\1704150_2176_372_1404_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\1900762_412_1912_3452_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\1967420_3368_2024_3028_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\1967580_3368_2024_3784_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\196798_5456_3064_4740_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\197010_2112_396_2904_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\197186_2836_1204_3208_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\198840_3368_2024_2432_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\199818_3368_2024_1448_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\2031844_3628_2752_2288_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\2162970_3368_2024_2564_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\2360050_5456_3064_688_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\2426332_289724_1472_289804_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\2622354_3368_2024_3432_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\264512_3368_2024_3212_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\264922_3628_2752_384_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\3735796_3368_2024_3460_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\395960_3368_2024_1652_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).

rectangle
2006-07-21, 19:12
C:\Documents and Settings\Pawl\Local Settings\Temp\4393428_3628_2752_1452_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\459530_3160_928_3444_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\462162_3628_2752_2512_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\4720320_3628_2752_816_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\526180_3840_372_2352_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\5375256_2424_1672_3244_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\592236_3628_2752_2024_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\655462_2424_1672_2680_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\66182_2168_2416_4080_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\6619854_1188_212_2536_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\66218_2612_996_2844_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\66384_3220_2060_3452_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\786612_1220_1772_2824_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\853250_332_336_2956_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\918690_4276_1204_4332_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup (quarantined).
C:\xz.bat -> Trojan.KillProc.a : Cleaned with backup (quarantined).
C:\WINDOWS\elitemediapop.exe -> Trojan.LowZones.am : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\kansup.reg -> Trojan.LowZones.f : Cleaned with backup (quarantined).
C:\Install.exe/kansup.reg -> Trojan.LowZones.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\!update.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633949.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\B8C2F.tmp/klsx9e.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\06633915.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
C:\413_615.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\!KillBox\63656067636165.exe -> Trojan.VB.aft : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll -> Trojan.VB.aft : Cleaned with backup (quarantined).
C:\WINDOWS\gimmygames10.exe -> Trojan.VB.ajj : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad8.exe -> Trojan.VB.ali : Cleaned with backup (quarantined).
C:\Documents and Settings\Pawl\Local Settings\Temp\mw_4s_stub.exe -> Trojan.VB.kq : Cleaned with backup (quarantined).
C:\WINDOWS\CheckS02.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\Program Files\Common Files\simtest\sysstall.exe -> Trojan.Zapchast.bl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lockx.exe -> Worm.Pakes : Cleaned with backup (quarantined).


::Report end

rectangle
2006-07-21, 19:13
Logfile of HijackThis v1.99.1
Scan saved at 12:13:19 PM, on 7/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\flide.exe
C:\WINDOWS\System32\ocryfc.exe
C:\WINDOWS\System32\flide.exe
C:\WINDOWS\System32\flide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Valve\Steam\Steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\flide.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qhphpht.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [otvqea] C:\WINDOWS\System32\ocryfc.exe reg_run
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [kqdrg] C:\WINDOWS\System32\ocryfc.exe reg_run
O4 - Global Startup: hkdal.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

LonnyRJones
2006-07-21, 19:26
We are getting closer

Set Windows to show hidden extensions, files and folders.
Click for instructions (http://www.xtra.co.nz/help/0,,4155-1916458,00.html).
Manually delete these folders if they still exist:
C:\Program Files\InetGet2
C:\Program Files\Bpt
C:\Program Files\Batty
C:\Program Files\FCAdvice
C:\Program Files\Fen
C:\Program Files\whInstall
C:\Program Files\Common Files\fozr
C:\Program Files\Common Files\svchostsys
C:\Program Files\AXFibula
C:\Program Files\PSHope
C:\WINDOWS\U3B1bmt5

Repeat running BFU and the Alcra PLUS Remover (no need for safe mode this time).
http://forums.spybot.info/showpost.php?p=34098&postcount=12
Run Killbox, go to Tools > Delete Temp Files; when it's finished, close Killbox.
Restart your PC

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

tashi
2006-07-25, 17:08
rectangle, how is it going?

rectangle
2006-07-27, 19:58
Hey, sorry, I'm on it. I'll post the log in a sec.

rectangle
2006-07-27, 20:17
Start Time= Thu 07/27/2006 13:07:13.89
Running from: C:\Documents and Settings\Pawl\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

13:09:58.35

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\System32\ocryfc.exe
C:\WINDOWS\System32\flide.exe
C:\WINDOWS\system32\qhphpht.exe


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-07-21 11:57:30 127,488 "C:\WINDOWS\system32\ocryfc.exe"
2006-07-22 02:05:44 28,672 "C:\WINDOWS\system32\flide.exe"
2006-07-22 02:05:44 51,712 "C:\WINDOWS\system32\ujryvkf.dll"
2006-07-21 11:57:30 127,488 "C:\WINDOWS\system32\uagcq.dat"
2006-07-26 18:52:28 427 "C:\WINDOWS\nxxgv.dll"
2006-05-07 20:35:14 53 "C:\WINDOWS\wqlpnc.dat"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


07/21/2006 11:57 AM 127,488 ocryfc.exe.vir
07/21/2006 11:57 AM 127,488 uagcq.dat.vir
07/22/2006 02:05 AM 51,712 ujryvkf.dll.vir
07/22/2006 02:05 AM 28,672 flide.exe.vir
05/07/2006 08:35 PM 53 wqlpnc.dat.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-07-26 18:52:28 427 "C:\WINDOWS\nxxgv.dll"
2006-07-22 02:05:44 28,672 "C:\RECYCLER\NPROTECT\06637740.VIR"
2006-07-21 11:57:30 127,488 "C:\RECYCLER\NPROTECT\06637742.VIR"
2006-07-21 11:57:30 127,488 "C:\RECYCLER\NPROTECT\06637744.VIR"
2006-07-22 02:05:44 51,712 "C:\RECYCLER\NPROTECT\06637746.VIR"


(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\baby pawl\Application Data\Sskcwrd.dll
C:\Documents and Settings\baby pawl\Application Data\Sskknwrd.dll
C:\Documents and Settings\baby pawl\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\Guest\Application Data\Sskknwrd.dll
C:\Documents and Settings\Guest\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\Pawl\Application Data\Sskcwrd.dll
C:\Documents and Settings\Pawl\Application Data\Sskknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



13:14:07.29
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Program Files\snowball wars


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-26 18:52:28 427 ( A.... ) "C:\WINDOWS\nxxgv.dll"
2006-07-21 10:57:06 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-21 10:32:08 ( .D... ) "C:\Program Files\BitLord"
2006-07-17 13:51:10 2 ( A.... ) "C:\WINDOWS\system32\wnsapisu.exe"
2006-07-11 15:32:36 ( .D... ) "C:\Program Files\Common Files\F?nts"
2006-07-11 03:59:58 33012 ( A.... ) "C:\WINDOWS\system32\tpuninstall.exe"
2006-06-29 10:07:36 61440 ( A.... ) "C:\WINDOWS\system32\BattyRun.dll"
2006-06-07 20:38:56 915 ( A.... ) "C:\WINDOWS\system32\nt68rrtc12.sys"
2006-06-07 20:38:20 ( .D... ) "C:\Program Files\Common Files\s?curity"
2006-06-01 18:06:08 ( .D... ) "C:\Program Files\Common Files\partypoker"
2006-05-30 06:50:28 ( .D... ) "C:\Program Files\Windows"
2006-05-14 18:20:42 48191 ( A.... ) "C:\WINDOWS\WPRE.exe"
2006-05-07 18:36:18 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-05-02 17:45:22 57344 ( A.... ) "C:\WINDOWS\system32\SDRunner.dll"
2006-04-30 20:22:06 188416 ( A.... ) "C:\WINDOWS\system32\BMG5.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-06-29 10:07 61,440 C:\WINDOWS\system32\BattyRun.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.2\\THGuard.exe\""
"DeadAIM"="rundll32.exe \"C:\\PROGRA~1\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="C:\\Valve\\Steam\\Steam.exe -silent"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"WinUpdate.exe"="C:\\Program Files\\Windows\\WinUpdate.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\WINDOWS\\System32\\ad.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

rectangle
2006-07-27, 20:17
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,98,00,00,00,00,00,00,00,e8,03,00,00,44,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BPT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bpt"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Bpt\\bpt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DI2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="27"
"hkey"="HKLM"
"command"="\"C:\\DOCUME~1\\Pawl\\LOCALS~1\\Temp\\27.exe\\27.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FeCPY]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fecpy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\fecpy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oamvjuvjuniwy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kyemtiqs"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\kyemtiqs.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="C:\\Valve\\Steam\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCpr0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebCpr0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Web_Cpr\\WebCpr0.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\WinTools\\WToolsA.exe"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Thu 07/27/2006 13:14:35.28
ComboFix ver 06.07.15/27 - This logfile is located at C:\ComboFix.txt

LonnyRJones
2006-07-28, 03:05
Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.


REGEDIT4
;
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BPT]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DI2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FeCPY]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oamvjuvjuniwy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCpr0]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a success message, delete fixme.reg.

Manually delete these files and folders at only these locations:
C:\WINDOWS\System32\ad.html
C:\WINDOWS\nxxgv.dll
C:\WINDOWS\system32\wnsapisu.exe
C:\WINDOWS\system32\tpuninstall.exe
C:\WINDOWS\system32\BattyRun.dll
C:\WINDOWS\system32\nt68rrtc12.sys
C:\WINDOWS\WPRE.exe
C:\WINDOWS\pf78.exe
C:\WINDOWS\system32\SDRunner.dll
C:\WINDOWS\system32\BMG5.exe
C:\Program Files\Common Files\Fonts
C:\Program Files\Common Files\security
C:\Program Files\Windows

C:\Program Files\Common Files\partypoker < Optional: uninstall the program, then delete its folder

Why haven't you updated Windows lately?

Post back with another new hijackthis log, mention any current problems.

rectangle
2006-07-28, 22:40
Logfile of HijackThis v1.99.1
Scan saved at 3:34:26 PM, on 7/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: hkdal.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



I haven't updated Windows in a while because I was unable to with all the popups going on, and I would always x out the update windows because they would pop up with the popups and I wasn't paying attention. I should go update soon.


The only problem I'm having now is that Steam (Counter-Strike) keeps telling me it cannot connect to the master server now, even though it's been working fine since we fixed all the adware in my computer. I don't know what could be preventing it from connecting.

LonnyRJones
2006-07-29, 02:38
You have one harmless file hanging out
O4 - Global Startup: hkdal.exe

Copy the contents of the quote box below into a new notepad document (not wordpad).
Click file> save as...> call it check.bat > file types *all files*> and save it to desktop.



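cd c:\
rem force-delete the leftover startup entry without prompting
del /f /q "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hkdal.exe"
cd "C:\Documents and Settings\All Users\Start Menu\Programs\"
rem if the delete did not succeed, move the file out of the Startup folder instead
if exist "Startup\hkdal.exe" move /y "Startup\hkdal.exe" c:\
exit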

Run check.bat

Scan again with HijackThis; that item should be gone.

If that game uses Xfire messenger, perhaps it is the problem; that problem is out of our realm here.

Please do visit Windows Update and get all critical updates. It will take more than one visit; always reboot when prompted.
I would enjoy seeing another log afterwards.
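
Added example, not part of the thread or of any tool mentioned in it: a Python check that compares two HijackThis logs to confirm which autostart entries a cleanup removed, and flags extra programs chained onto the F2 Shell/UserInit lines. The sample lines are copied from the 7/21 and 7/28 logs above; the function names and the accepted stock values for this Windows XP install are assumptions of the example.

```python
import re

# Constructed sample input: entry lines copied from the 7/21/2006 and 7/28/2006
# HijackThis logs in this thread, trimmed to the lines that matter here.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\System32\flide.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\flide.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qhphpht.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [otvqea] C:\WINDOWS\System32\ocryfc.exe reg_run
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [kqdrg] C:\WINDOWS\System32\ocryfc.exe reg_run
O4 - Global Startup: hkdal.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - Global Startup: hkdal.exe
"""

# A HijackThis entry line is "<section id> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
WINLOGON = re.compile(r"REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)

# Assumption: stock values for a Windows XP install in C:\WINDOWS (lower-cased).
STOCK = {
    "shell": {"explorer.exe"},
    "userinit": {"userinit.exe", r"c:\windows\system32\userinit.exe"},
}


def parse_entries(log_text):
    """Return the set of (section, detail) pairs; headers and process paths are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def removed_entries(before, after):
    """Entries present in the earlier log and absent from the later one."""
    return sorted(parse_entries(before) - parse_entries(after))


def winlogon_extras(log_text):
    """For F2 Shell=/UserInit= lines, return every value that is not a stock one."""
    extras = []
    for section, detail in sorted(parse_entries(log_text)):
        m = WINLOGON.match(detail)
        if section != "F2" or not m:
            continue
        for value in m.group(2).split(","):
            value = value.strip()
            # Compare the whole value, so a look-alike in another folder is flagged too.
            if value and value.lower() not in STOCK[m.group(1).lower()]:
                extras.append((m.group(1), value))
    return extras


if __name__ == "__main__":
    for key, value in winlogon_extras(LOG_BEFORE):
        print(f"extra program on Winlogon {key}: {value}")
    for section, detail in removed_entries(LOG_BEFORE, LOG_AFTER):
        print(f"removed since last scan: {section} - {detail}")
    for section, detail in sorted(parse_entries(LOG_AFTER)):
        if "hkdal.exe" in detail:
            print(f"still present: {section} - {detail}")
```

Run against the full logs, the same comparison shows the two F2 lines and both ocryfc.exe Run values gone after the ComboFix pass, with only the Global Startup item left for the batch file to handle.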

tashi
2006-08-02, 19:54
rectangle how is that computer?

rectangle
2006-08-02, 20:54
Logfile of HijackThis v1.99.1
Scan saved at 1:53:35 PM, on 8/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


I ran the thing you gave me. Everything seems pretty fine now. Tell me if there's any more that needs to be done.

LonnyRJones
2006-08-02, 20:59
Windows update :)
You will need to go back several times, always reboot when prompted.

tashi
2006-08-07, 09:46
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.