|
Virus problems...can't use hijackthis
|
|
xirt
Newbie
|
26. March 2007 @ 14:11 |
|
I have no idea what to do... so I'm just going to list processes from Task Manager that seem suspicious: W32BRG55.EXE (User), rundll32.exe (User), Update.exe (User), command.exe (SYSTEM), winlogon.exe (User), csrss.exe (SYSTEM), csrss.exe (User), smss.exe (System). I'm getting popups from IE, my default browser is Firefox, and explorer.exe has to restart. Sometimes it'll open another tab and open a popup. I turned on my computer with new shortcuts that seem like spyware, and Ad-Aware doesn't detect it so I uninstall it. For some reason my System Restore keeps getting disabled. I can't run msconfig or regedit, and HijackThis won't work. Sometimes ipwins.exe pops up in the Task Manager but closes right away, and it seems I can uninstall it. Outerinfo is installed on my comp but it seems I can uninstall it. One last thing: command.exe is a system process so I can't stop the process, and it seems I can't uninstall it either without downloading something from their site, and I don't want to risk that. HELP PLEASE!!! Thanks
|
|
KotaGuy
Member
|
26. March 2007 @ 17:08 |
|
Thanks for the info... seems your system is pretty messed up. Before I start fixing things... I'd like to get a deeper look into your computer.
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
- Close ALL OTHER PROGRAMS.
- Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
- Now click the Run Scan button on the toolbar.
- The program will be scanning huge amounts of data, so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
- When the scan is complete, Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Word Wrap is not checked. If it is, then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
|
xirt
Newbie
|
30. March 2007 @ 13:00 |
|
WinPFind3 logfile created on: 3/30/2007 4:12:39 PM
WinPFind3U by OldTimer - Version 1.0.31 Folder = C:\Documents and Settings\MJ\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)
1023 Mb Total Physical Memory | 709 Mb Available Physical Memory | 69.35% Memory free
2 Gb Paging File | 2 Gb Available in Paging File | 92.32% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186 Gb Total Space | 7 Gb Free Space | 4.06% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 2 Gb Total Space | 0 Gb Free Space | 0.00% Space Free
Computer Name: XIRT
Current User Name: MJ
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
asusprob.exe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 12/6/2002 3:07:48 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 446464 bytes | Modified Date = 3/2/2007 2:46:14 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 446464 bytes | Modified Date = 3/2/2007 2:46:14 PM | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5154 | Size = 344064 bytes | Modified Date = 5/3/2005 8:05:00 PM | Attr = ]
command.exe -> %SystemRoot%\TUogR2VsbGFkYQ\command.exe -> [Ver = | Size = 293888 bytes | Modified Date = 8/2/2005 4:58:38 PM | Attr = RHS]
daemon.exe -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.47.0.0 | Size = 81920 bytes | Modified Date = 8/22/2004 4:05:02 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
msgplus.exe -> %ProgramFiles%\MessengerPlus! 3\MsgPlus.exe -> Patchou [Ver = 3, 63, 0, 148 | Size = 190024 bytes | Modified Date = 4/16/2006 1:16:12 PM | Attr = ]
razerhid.exe -> %ProgramFiles%\Razer\razerhid.exe -> [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 5/17/2005 5:21:12 PM | Attr = ]
razerofa.exe -> %ProgramFiles%\Razer\razerofa.exe -> Razer Inc. [Ver = 4.0.0.4 | Size = 143360 bytes | Modified Date = 1/18/2005 12:06:12 AM | Attr = ]
sstray.exe -> %System32%\sstray.exe -> NVIDIA Corporation [Ver = 1.00.00.0362 | Size = 73728 bytes | Modified Date = 8/12/2003 10:25:56 PM | Attr = R ]
svchosts.exe -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Modified Date = 3/17/2007 3:40:32 PM | Attr = ]
update.exe -> %CommonProgramFiles%\{841A7D4E-0726-1033-0520-040310170001}\Update.exe -> [Ver = | Size = 14336 bytes | Modified Date = 3/17/2007 3:40:34 PM | Attr = ]
w32brg55.exe -> %ProgramFiles%\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32BRG55.EXE -> [Ver = 1, 0, 1, 2 | Size = 253952 bytes | Modified Date = 6/7/2005 12:50:02 PM | Attr = ]
winlogon.exe -> %System32%\upmfqvw\winlogon.exe -> [Ver = | Size = 76800 bytes | Modified Date = 3/16/2007 4:45:32 PM | Attr = RHS]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.31.0 | Size = 318464 bytes | Modified Date = 3/26/2007 8:04:38 PM | Attr = ]
zdwlan.exe -> %ProgramFiles%\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe -> [Ver = 2, 13, 0, 0 | Size = 475136 bytes | Modified Date = 8/16/2005 3:13:14 PM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 5/26/2005 8:49:24 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 446464 bytes | Modified Date = 3/2/2007 2:46:14 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 3/6/2007 9:05:00 PM | Attr = ]
(Client IP-IPX) Client IP-IPX [Win32_Own | Auto | Running] -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Modified Date = 3/17/2007 3:40:32 PM | Attr = ]
(cmdService) Command Service [Win32_Own | Auto | Running] -> %SystemRoot%\TUogR2VsbGFkYQ\command.exe -> [Ver = | Size = 293888 bytes | Modified Date = 8/2/2005 4:58:38 PM | Attr = RHS]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ASUS Probe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 12/6/2002 3:07:48 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5154 | Size = 344064 bytes | Modified Date = 5/3/2005 8:05:00 PM | Attr = ]
DAEMON Tools-1033 -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.47.0.0 | Size = 81920 bytes | Modified Date = 8/22/2004 4:05:02 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
MessengerPlus3 -> %ProgramFiles%\MessengerPlus! 3\MsgPlus.exe -> Patchou [Ver = 3, 63, 0, 148 | Size = 190024 bytes | Modified Date = 4/16/2006 1:16:12 PM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 10:50:42 AM | Attr = ]
nForce Tray Options -> %System32%\sstray.exe -> NVIDIA Corporation [Ver = 1.00.00.0362 | Size = 73728 bytes | Modified Date = 8/12/2003 10:25:56 PM | Attr = R ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
razer -> %ProgramFiles%\Razer\razerhid.exe -> [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 5/17/2005 5:21:12 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
winlogon -> -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IpWins -> %ProgramFiles%\Ipwindows\ipwins.exe -> File not found
Steam -> -> File not found
winlogon -> -> File not found
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,239 | Size = 4670968 bytes | Modified Date = 1/19/2007 12:49:28 PM | Attr = ]
< Windows NT\\Load [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
C:\WINDOWS\System32\upmfqvw\winlogon.exe -> %System32%\upmfqvw\winlogon.exe -> [Ver = | Size = 76800 bytes | Modified Date = 3/16/2007 4:45:32 PM | Attr = RHS]
< Windows NT\\Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\run
C:\WINDOWS\System32\upmfqvw\winlogon.exe -> %System32%\upmfqvw\winlogon.exe -> [Ver = | Size = 76800 bytes | Modified Date = 3/16/2007 4:45:32 PM | Attr = RHS]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 2:06:48 PM | Attr = ]
%AllUsersStartup%\ZDWLan Utility.lnk -> %ProgramFiles%\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe -> [Ver = 2, 13, 0, 0 | Size = 475136 bytes | Modified Date = 8/16/2005 3:13:14 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
MsgPlusLoader.dll -> %System32%\MsgPlusLoader.dll -> Patchou [Ver = 3, 63, 4, 0 | Size = 58952 bytes | Modified Date = 4/16/2006 1:16:12 PM | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{54645654-2225-4455-44A1-9F4543D34546} [HKLM] -> %System32%\vbsys2.dll [SystemCheck2] -> [Ver = | Size = 90112 bytes | Modified Date = 1/27/2005 3:35:12 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 110592 bytes | Modified Date = 3/2/2007 2:47:20 PM | Attr = ]
< HOSTS File > (2382 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defa...rch/search.html ->
HKLM: Search Page -> ->
HKLM: Start Page -> http://www.yahoo.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
click_getmirar.com [http] -> ->
click_getmirar.com [https] -> ->
click_mirarsearch.com [http] -> ->
click_mirarsearch.com [https] -> ->
redirect_mirarsearch.com [http] -> ->
redirect_mirarsearch.com [https] -> ->
awbeta_net-nucleus.com [http] -> ->
awbeta_net-nucleus.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 12:02:04 PM | Attr = ]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.3.19.dll [BitComet Helper] -> BitComet [Ver = 20070319 | Size = 398912 bytes | Modified Date = 3/19/2007 2:47:56 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 12:03:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} [HKLM] -> %System32%\WinNB57.dll [Related Page] -> [Ver = 0, 0, 5, 7 | Size = 311296 bytes | Modified Date = 4/5/2005 10:46:58 PM | Attr = ]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 2/10/2004 2:08:58 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} [HKLM] -> %System32%\WinNB57.dll [Related Page] -> [Ver = 0, 0, 5, 7 | Size = 311296 bytes | Modified Date = 4/5/2005 10:46:58 PM | Attr = ]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 2/10/2004 2:08:58 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} [HKLM] -> %System32%\WinNB57.dll [Related Page] -> [Ver = 0, 0, 5, 7 | Size = 311296 bytes | Modified Date = 4/5/2005 10:46:58 PM | Attr = ]
WebBrowser\\{C1B4DEC2-2623-438E-9CA2-C9043AB28508} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 2/10/2004 2:08:58 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 3:23:26 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
{09EA1F80-F40A-11D1-B792-444553540001} -> %ProgramFiles%\Flash saver\save.htm [ButtonText: Flash Saver] -> [Ver = | Size = 236 bytes | Modified Date = 6/28/2004 11:05:44 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddLink.htm -> File not found
&D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddVideo.htm -> File not found
&D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddAllLink.htm -> File not found
&Save Flash In This Page by Flash Saver -> %ProgramFiles%\Flash saver\save.htm -> [Ver = | Size = 236 bytes | Modified Date = 6/28/2004 11:05:44 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 1:56:24 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{13196A0A-835C-4A9A-9A01-DA1BBC0C3555} -> () ->
{7E2D9A63-E60A-4DF4-8D9A-3562353A0297} -> (NVIDIA nForce MCP Networking Controller) ->
{7E5F0F28-01B3-484B-A613-D300445B663F} -> (Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45) ->
{80159198-66C0-42FA-82EF-CA02E23647B2} -> (1394 Net Adapter) ->
{A8A0FB38-7ACD-426B-878D-00815D8CD963} -> () ->
{DC976B0E-ED1F-48C6-AAF5-9C92C792D4E6} -> () ->
{F3302830-8473-452B-A386-49EB1C005526} -> ((ZD1211B)IEEE 802.11 b+g USB Adapter) ->
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00000162-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/0...4B9/wma9dmo.cab ->
{00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab ->
{05D44720-58E3-49E6-BDF6-D00330E511D3} -> StagingUI Object - CodeBase = http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab ->
{14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab ->
{24311111-1111-1121-1111-111191113457} -> - CodeBase = file://c:\eied_s7.cab ->
{2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab ->
{33331111-1111-1111-1111-611111193457} -> - CodeBase = file://c:\ex.cab ->
{33331111-1111-1111-1111-611111193458} -> - CodeBase = file://c:\ex.cab ->
{3334504D-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/0...C4D/mp43dmo.CAB ->
{33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/D...D0C/wmv9dmo.cab ->
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> ZoneBuddy Class - CodeBase = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab ->
{43331111-1111-1111-1111-611111195622} -> - CodeBase = file://c:\ex.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab ->
{5736C456-EA94-4AAC-BB08-917ABDD035B3} -> ZonePAChat Object - CodeBase = http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab ->
{5D6F45B3-9043-443D-A792-115447494D24} -> UnoCtrl Class - CodeBase = http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://v5.windowsupdate.microsoft.com/v5...b?1109809435917 ->
{8A0DCBDB-6E20-489C-9041-C1E8A0352E75} -> Mirar_Dummy_ATS1 Class - CodeBase = http://awbeta.net-nucleus.com/FIX/WinATS.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab ->
{9122D757-5A4F-4768-82C5-B4171D8556A7} -> PhotoPickConvert Class - CodeBase = http://appdirectory.messenger.msn.com/Ap...ap/PhtPkMSN.cab ->
{9BDF4724-10AA-43D5-BD15-AEA0D2287303} -> ZPA_TexasHoldem Object - CodeBase = http://zone.msn.com/bingame/zpagames/zpa_txhe.cab43895.cab ->
{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} -> BatchDownloader Class - CodeBase = http://appdirectory.messenger.msn.com/Ap...ap/DigWXMSN.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab ->
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shock...ash/swflash.cab ->
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> StadiumProxy Class - CodeBase = http://zone.msn.com/binframework/v10/StProxy.cab41227.cab ->
{E4C29FDC-F547-4219-ACFD-571F2A7A564A} -> WebCamTest Class - CodeBase = http://click.mirarsearch.com/CABUPDATES/winwcd.cab ->
{E6187999-9FEC-46A1-A20F-F4CA977D5643} -> ZoneChess Object - CodeBase = http://messenger.zone.msn.com/binary/Chess.cab31267.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
[Files/Folders - Created Within 30 days]
Application Data -> %SystemDrive%\Application Data -> [Folder | Created Date = 3/15/2007 9:18:12 PM | Attr = ]
ATICIM.INI -> %SystemRoot%\ATICIM.INI -> [Ver = | Size = 1056 bytes | Created Date = 3/30/2007 4:08:54 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 3/17/2007 1:59:28 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 3/17/2007 1:59:28 AM | Attr = H ]
tc02.exe -> %SystemRoot%\tc02.exe -> [Ver = | Size = 185531 bytes | Created Date = 3/17/2007 3:40:24 PM | Attr = ]
TUogR2VsbGFkYQ -> %SystemRoot%\TUogR2VsbGFkYQ -> [Folder | Created Date = 3/16/2007 7:16:11 PM | Attr = HS]
uninstall_nmon.vbs -> %SystemRoot%\uninstall_nmon.vbs -> [Ver = | Size = 1989 bytes | Created Date = 3/16/2007 7:16:11 PM | Attr = ]
ati2cqag.dll -> %System32%\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0334 | Size = 348160 bytes | Created Date = 3/2/2007 2:11:44 PM | Attr = ]
ati2dvag.dll -> %System32%\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6677 | Size = 265728 bytes | Created Date = 3/2/2007 2:53:36 PM | Attr = ]
ati2edxx.dll -> %System32%\ati2edxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2511 | Size = 42496 bytes | Created Date = 3/2/2007 2:47:30 PM | Attr = ]
ati2evxx.dll -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 110592 bytes | Created Date = 3/2/2007 2:47:19 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 446464 bytes | Created Date = 3/2/2007 2:46:12 PM | Attr = ]
Ati2mdxx.exe -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2495 | Size = 26112 bytes | Created Date = 3/2/2007 2:47:35 PM | Attr = ]
ati3duag.dll -> %System32%\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0487 | Size = 2824512 bytes | Created Date = 3/2/2007 2:38:53 PM | Attr = ]
ATIDDC.DLL -> %System32%\ATIDDC.DLL -> ATI Technologies Inc. [Ver = 6.14.10.8 | Size = 53248 bytes | Created Date = 3/2/2007 2:45:32 PM | Attr = ]
ATIDEMGX.dll -> %System32%\ATIDEMGX.dll -> ATI Technologies Inc. [Ver = 2.0.2617.28637 | Size = 307200 bytes | Created Date = 3/2/2007 2:54:35 PM | Attr = ]
atiiiexx.dll -> %System32%\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4004 | Size = 307200 bytes | Created Date = 3/2/2007 2:57:04 PM | Attr = ]
atikvmag.dll -> %System32%\atikvmag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0052 | Size = 258048 bytes | Created Date = 3/2/2007 2:17:37 PM | Attr = ]
atioglxx.dll -> %System32%\atioglxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6388 | Size = 5398528 bytes | Created Date = 3/2/2007 2:21:15 PM | Attr = ]
atipdlxx.dll -> %System32%\atipdlxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2516 | Size = 118784 bytes | Created Date = 3/2/2007 2:47:51 PM | Attr = ]
atitvo32.dll -> %System32%\atitvo32.dll -> ATI Technologies Inc. [Ver = 6.14.10.4200 | Size = 17408 bytes | Created Date = 3/2/2007 2:16:23 PM | Attr = ]
ativvaxx.dll -> %System32%\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.0144 | Size = 1288960 bytes | Created Date = 3/2/2007 2:29:23 PM | Attr = ]
atmtd.dll -> %System32%\atmtd.dll -> [Ver = | Size = 687592 bytes | Created Date = 3/16/2007 7:16:38 PM | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Created Date = 3/25/2007 2:49:07 AM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 3/5/2007 10:12:49 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Created Date = 3/5/2007 10:12:49 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 3/5/2007 10:12:49 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Created Date = 3/5/2007 10:12:49 PM | Attr = ]
netstat.com -> %System32%\netstat.com -> [Ver = | Size = 2 bytes | Created Date = 3/16/2007 4:45:44 PM | Attr = HS]
Oemdspif.dll -> %System32%\Oemdspif.dll -> ATI Technologies, Inc. [Ver = 6.14.0020 | Size = 110592 bytes | Created Date = 3/2/2007 2:47:42 PM | Attr = ]
SBPoker.ico -> %System32%\SBPoker.ico -> [Ver = | Size = 4286 bytes | Created Date = 3/24/2007 4:45:00 PM | Attr = ]
svchosts.exe -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Created Date = 3/16/2007 6:40:28 PM | Attr = ]
taskkill.com -> %System32%\taskkill.com -> [Ver = | Size = 2 bytes | Created Date = 3/16/2007 4:45:44 PM | Attr = HS]
tsuninst.exe -> %System32%\tsuninst.exe -> [Ver = | Size = 127578 bytes | Created Date = 3/16/2007 8:22:55 PM | Attr = ]
unsvchosts.exe -> %System32%\unsvchosts.exe -> [Ver = | Size = 2560 bytes | Created Date = 3/16/2007 6:40:28 PM | Attr = ]
upmfqvw -> %System32%\upmfqvw -> [Folder | Created Date = 3/16/2007 4:45:40 PM | Attr = HS]
wnsapiit.exe -> %System32%\wnsapiit.exe -> [Ver = | Size = 2 bytes | Created Date = 3/16/2007 8:56:33 PM | Attr = ]
ati2mtag.sys -> %System32%\dllcache\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6677 | Size = 1972224 bytes | Created Date = 3/2/2007 2:53:19 PM | Attr = ]
ati2erec.dll -> %System32%\drivers\ati2erec.dll -> ATI Technologies Inc. [Ver = 1.0.0.10 | Size = 49152 bytes | Created Date = 3/2/2007 2:15:08 PM | Attr = ]
ati2mtag.sys -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6677 | Size = 1972224 bytes | Created Date = 3/2/2007 2:53:19 PM | Attr = ]
ativvpxx.vp -> %System32%\drivers\ativvpxx.vp -> [Ver = | Size = 40688 bytes | Created Date = 3/2/2007 3:32:36 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
Application Data -> %SystemDrive%\Application Data -> [Folder | Modified Date = 3/15/2007 9:18:14 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/30/2007 4:09:58 PM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 3/26/2007 5:54:36 PM | Attr = ]
New Folder -> %SystemDrive%\New Folder -> [Folder | Modified Date = 3/12/2007 7:51:54 PM | Attr = ]
Pictures -> %SystemDrive%\Pictures -> [Folder | Modified Date = 3/24/2007 1:53:56 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/23/2007 12:20:56 AM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 3/17/2007 1:52:06 AM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 3/26/2007 5:20:52 PM | Attr = HS]
TV and Clips -> %SystemDrive%\TV and Clips -> [Folder | Modified Date = 3/13/2007 5:53:04 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/30/2007 4:11:12 PM | Attr = ]
ATICIM.INI -> %SystemRoot%\ATICIM.INI -> [Ver = | Size = 1056 bytes | Modified Date = 3/30/2007 4:08:56 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/30/2007 4:11:12 PM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 3/30/2007 4:11:22 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/26/2007 9:39:32 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/27/2007 12:09:02 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/30/2007 4:09:06 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/30/2007 4:09:58 PM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 3/13/2007 6:03:30 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 3/29/2007 10:46:06 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/29/2007 10:32:46 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 3/17/2007 1:59:30 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 3/30/2007 12:21:44 AM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 3/15/2007 9:13:50 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 3/22/2007 9:26:38 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 3/30/2007 4:11:06 PM | Attr = ]
tc02.exe -> %SystemRoot%\tc02.exe -> [Ver = | Size = 185531 bytes | Modified Date = 3/17/2007 3:40:32 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/30/2007 4:11:22 PM | Attr = ]
TUogR2VsbGFkYQ -> %SystemRoot%\TUogR2VsbGFkYQ -> [Folder | Modified Date = 3/16/2007 7:16:12 PM | Attr = HS]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 924 bytes | Modified Date = 3/25/2007 10:33:20 PM | Attr = ]
winamp.ini -> %SystemRoot%\winamp.ini -> [Ver = | Size = 1125 bytes | Modified Date = 3/30/2007 6:03:02 AM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 3/24/2007 8:54:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/30/2007 4:11:16 PM | Attr = H ]
ansi.cfg -> %System32%\ansi.cfg -> [Ver = | Size = 0 bytes | Modified Date = 3/26/2007 5:55:12 PM | Attr = ]
ati2cqag.dll -> %System32%\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0334 | Size = 348160 bytes | Modified Date = 3/2/2007 2:11:46 PM | Attr = ]
ati2dvag.dll -> %System32%\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6677 | Size = 265728 bytes | Modified Date = 3/2/2007 2:53:38 PM | Attr = ]
ati2edxx.dll -> %System32%\ati2edxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2511 | Size = 42496 bytes | Modified Date = 3/2/2007 2:47:32 PM | Attr = ]
ati2evxx.dll -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 110592 bytes | Modified Date = 3/2/2007 2:47:20 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 446464 bytes | Modified Date = 3/2/2007 2:46:14 PM | Attr = ]
Ati2mdxx.exe -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2495 | Size = 26112 bytes | Modified Date = 3/2/2007 2:47:36 PM | Attr = ]
ati2sgag.exe -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 3/6/2007 9:05:00 PM | Attr = ]
ati3duag.dll -> %System32%\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0487 | Size = 2824512 bytes | Modified Date = 3/2/2007 2:38:54 PM | Attr = ]
ATIDDC.DLL -> %System32%\ATIDDC.DLL -> ATI Technologies Inc. [Ver = 6.14.10.8 | Size = 53248 bytes | Modified Date = 3/2/2007 2:45:34 PM | Attr = ]
ATIDEMGX.dll -> %System32%\ATIDEMGX.dll -> ATI Technologies Inc. [Ver = 2.0.2617.28637 | Size = 307200 bytes | Modified Date = 3/2/2007 2:54:36 PM | Attr = ]
atiiiexx.dll -> %System32%\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4004 | Size = 307200 bytes | Modified Date = 3/2/2007 2:57:04 PM | Attr = ]
atikvmag.dll -> %System32%\atikvmag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0052 | Size = 258048 bytes | Modified Date = 3/2/2007 2:17:38 PM | Attr = ]
atioglxx.dll -> %System32%\atioglxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6388 | Size = 5398528 bytes | Modified Date = 3/2/2007 2:21:16 PM | Attr = ]
atipdlxx.dll -> %System32%\atipdlxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2516 | Size = 118784 bytes | Modified Date = 3/2/2007 2:47:52 PM | Attr = ]
atitvo32.dll -> %System32%\atitvo32.dll -> ATI Technologies Inc. [Ver = 6.14.10.4200 | Size = 17408 bytes | Modified Date = 3/2/2007 2:16:24 PM | Attr = ]
ativvaxx.dll -> %System32%\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.0144 | Size = 1288960 bytes | Modified Date = 3/2/2007 2:29:24 PM | Attr = ]
atmtd.dll -> %System32%\atmtd.dll -> [Ver = | Size = 687592 bytes | Modified Date = 3/16/2007 7:16:40 PM | Attr = ]
atmtd.dll._ -> %System32%\atmtd.dll._ -> [Ver = | Size = 687592 bytes | Modified Date = 3/16/2007 7:16:40 PM | Attr = ]
BitCometRes.dll -> %System32%\BitCometRes.dll -> BitComet [Ver = 1, 0, 0, 1 | Size = 2560 bytes | Modified Date = 3/30/2007 3:16:50 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 3/30/2007 4:08:44 PM | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Modified Date = 3/25/2007 2:49:08 AM | Attr = ]
CmdLineExt.dll -> %System32%\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Modified Date = 3/29/2007 10:31:28 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 3/15/2007 9:13:54 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 3/15/2007 9:13:42 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 3/30/2007 4:09:12 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 3/30/2007 4:09:08 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 150792 bytes | Modified Date = 3/27/2007 5:48:00 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
netstat.com -> %System32%\netstat.com -> [Ver = | Size = 2 bytes | Modified Date = 3/16/2007 4:45:46 PM | Attr = HS]
Oemdspif.dll -> %System32%\Oemdspif.dll -> ATI Technologies, Inc. [Ver = 6.14.0020 | Size = 110592 bytes | Modified Date = 3/2/2007 2:47:44 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 3/26/2007 5:20:52 PM | Attr = ]
SBPoker.ico -> %System32%\SBPoker.ico -> [Ver = | Size = 4286 bytes | Modified Date = 3/24/2007 4:45:02 PM | Attr = ]
svchosts.exe -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Modified Date = 3/17/2007 3:40:32 PM | Attr = ]
taskkill.com -> %System32%\taskkill.com -> [Ver = | Size = 2 bytes | Modified Date = 3/16/2007 4:45:46 PM | Attr = HS]
unsvchosts.exe -> %System32%\unsvchosts.exe -> [Ver = | Size = 2560 bytes | Modified Date = 3/17/2007 3:40:32 PM | Attr = ]
upmfqvw -> %System32%\upmfqvw -> [Folder | Modified Date = 3/30/2007 4:12:40 PM | Attr = HS]
wbem -> %System32%\wbem -> [Folder | Modified Date = 3/15/2007 9:13:50 PM | Attr = ]
wnsapiit.exe -> %System32%\wnsapiit.exe -> [Ver = | Size = 2 bytes | Modified Date = 3/22/2007 8:22:30 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 3/29/2007 7:24:44 PM | Attr = ]
ati2mtag.sys -> %System32%\dllcache\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6677 | Size = 1972224 bytes | Modified Date = 3/2/2007 2:53:20 PM | Attr = ]
ati2erec.dll -> %System32%\drivers\ati2erec.dll -> ATI Technologies Inc. [Ver = 1.0.0.10 | Size = 49152 bytes | Modified Date = 3/2/2007 2:15:10 PM | Attr = ]
ati2mtag.sys -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6677 | Size = 1972224 bytes | Modified Date = 3/2/2007 2:53:20 PM | Attr = ]
ativvpxx.vp -> %System32%\drivers\ativvpxx.vp -> [Ver = | Size = 40688 bytes | Modified Date = 3/2/2007 3:32:38 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 3/30/2007 4:11:50 PM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 432 bytes | Modified Date = 3/16/2007 4:45:46 PM | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 2382 bytes | Modified Date = 3/23/2007 6:10:30 AM | Attr = HS]
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemDrive%\mplayerc.exe -> Gabest [Ver = 6, 4, 8, 2 | Size = 1340416 bytes | Modified Date = 3/28/2004 6:46:44 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\daemon.dll -> [Ver = 3.47.0.0 | Size = 69120 bytes | Modified Date = 8/22/2004 4:04:56 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\stb.exe -> [Ver = | Size = 10240 bytes | Modified Date = 2/10/2004 11:30:44 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
aspack , -> %System32%\d2jsp.dll -> [Ver = | Size = 77824 bytes | Modified Date = 2/26/2005 5:31:26 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\fmod.dll -> Firelight Firelight Technologies Pty, Ltd [Ver = 3.7 | Size = 147968 bytes | Modified Date = 9/16/2003 12:57:34 PM | Attr = ]
WinShutDown , ad-w-a-r-e.com , Thawte Consulting , -> %System32%\guard.tmp -> [Ver = | Size = 236041 bytes | Modified Date = 1/22/2006 2:51:28 AM | Attr = ]
aspack , -> %System32%\Hypnoloop.scr -> Axialis Software [Ver = 3, 5, 4, 0 | Size = 1430055 bytes | Modified Date = 6/2/2005 4:26:20 PM | Attr = ]
aspack , -> %System32%\rocknrolldiner.scr -> Axialis Software [Ver = 3, 5, 6, 0 | Size = 1174164 bytes | Modified Date = 9/7/2005 7:21:02 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
< End of report >
|
KotaGuy
Member
|
30. March 2007 @ 16:10 |
|
OK... you have some serious infections in there. Including a backdoor that allows full control over your computer and drops a keylogger to record your keystrokes to a file and sends it off to the attacker.
Because of this you should probably notify your financial institution about possible fraudulent transactions and from a clean computer change all your passwords you use for any online shopping/banking/etc.
Your safest course of action may be to format the hard drive and reinstall Windows.
Let me know what you decide to do.
|
xirt
Newbie
|
30. March 2007 @ 17:13 |
|
Well this computer is just mine to enjoy. It doesn't have any account or data that's important because most of my hard drive is made up of games and music and schoolwork. Thanks for your work, I'll probably check on that and I'll think about reformatting.
|
KotaGuy
Member
|
30. March 2007 @ 17:38 |
|
OK... let me know what you decide.
If you decide you would like me to try and clean it I will. Can't guarantee its security afterwards though as I have no way of really knowing the full extent of damage done by the backdoor.
|
xirt
Newbie
|
31. March 2007 @ 06:51 |
|
Well, I decided to reformat. This way I can ensure a clean computer. Currently I'm backing up most of my wanted files onto my 2nd hard drive and I'm going to piggy back the rest onto someone else's when I get a chance. All I need is to find someone with an XP CD without service pack 2 :P. Thanks for your help.
|
KotaGuy
Member
|
31. March 2007 @ 08:09 |
|
OK... good luck with the reinstall.
|
xirt
Newbie
|
9. April 2007 @ 18:51 |
|
Alright I finally got around to finishing up my reinstallment, but I went into my task manager and I found Update.exe, ipwins.exe, riuwm.exe, riuwa.exe and idk how that happened...
|
KotaGuy
Member
|
9. April 2007 @ 19:13 |
|
Did you format the Hard Drive before you reinstalled or as part of the reinstall itself?
If you did... everything should have been wiped clean. In which case the only thing I can think of is something you have installed after reinstalling windows has infected you or a site you visited did.
Can you post a HijackThis log?
|
xirt
Newbie
|
9. April 2007 @ 19:17 |
|
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:16:07 PM, on 4/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\MSN Messenger\msncall.exe
C:\WINDOWS\WGlydA\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\PROGRA~1\COMMON~1\riuw\riuwm.exe
C:\PROGRA~1\COMMON~1\riuw\riuwa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\ICROSO~1.NET\regedit.exe
C:\Documents and Settings\MJ\My Documents\?dobe\?hkntfs.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\mshearts.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\SoftwareDistribution\Download\fde4a5af73d5aee9b5faba71cbff1d6c\update\update.exe
D:\Downloads\HiJackThis_v2.0.0.0.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: (no name) - {68E0AF67-14A3-4A51-AB4D-6AE33CE1A99E} - C:\WINDOWS\System32\sabb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [riuw] C:\PROGRA~1\COMMON~1\riuw\riuwm.exe
O4 - HKCU\..\Run: [Awna] "C:\WINDOWS\ICROSO~1.NET\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Vissst] "C:\Documents and Settings\MJ\My Documents\?dobe\?hkntfs.exe"
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - HKCU\..\Policies\Explorer\Run: [{242DAC21-0726-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe" te-110-12-0000282
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1176159801359
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WGlydA\command.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
--
End of file - 7462 bytes
I have reformatted my computer and so far I've only installed drivers and some software like WinRAR, Microsoft Office, Winamp, Nero, etc.
|
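Added example, not part of the original thread: a first-pass triage of the O4 (autorun) and O23 (service) lines excerpted from the HijackThis log above. The heuristics, the reason labels and the `SYSTEM_HOMES` table (default Windows XP paths under C:\WINDOWS) are assumptions of this example; a flag is a reason to inspect an entry, not a verdict.

```python
import ntpath
import re

# Lines excerpted from the HijackThis log posted above (O4 and O23 only).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Awna] "C:\WINDOWS\ICROSO~1.NET\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Vissst] "C:\Documents and Settings\MJ\My Documents\?dobe\?hkntfs.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{242DAC21-0726-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe" te-110-12-0000282
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WGlydA\command.exe
"""

# Assumption: default Windows XP layout with the system root at C:\WINDOWS.
SYSTEM_HOMES = {
    "regedit.exe": r"c:\windows",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
}

O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>.*?)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# Executable path: either the quoted part, or everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def parse(log_text):
    """Yield one dict per O4/O23 line; every other section is skipped."""
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m["cmd"])
            if exe:
                yield {"kind": "autorun", "where": m["where"], "owner": None,
                       "path": exe.group(1) or exe.group(2)}
            continue
        m = O23_RE.match(line)
        if m:
            yield {"kind": "service", "where": m["name"],
                   "owner": m["owner"], "path": m["path"]}


def one_edit_apart(a, b):
    """True if a and b differ by exactly one inserted, deleted or changed char."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]


def flags(entry):
    """Return the list of triage reasons for one parsed entry."""
    path = entry["path"]
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    found = []
    if entry["owner"] == "Unknown owner":
        found.append("unknown-owner")            # no vendor string on the binary
    if name in SYSTEM_HOMES:
        if folder != SYSTEM_HOMES[name]:
            found.append("misplaced-system-name")  # e.g. regedit.exe outside C:\WINDOWS
    else:
        for real in SYSTEM_HOMES:
            if one_edit_apart(name, real):
                found.append("lookalike-of-" + real)
    if "?" in path:
        # "?" is not a legal filename character, so the real name contains
        # a character the log could not render.
        found.append("unrenderable-char")
    if entry["where"].lower().endswith(r"policies\explorer\run"):
        found.append("policy-run-key")           # less commonly used autorun location
    return found


def triage(log_text):
    """Return [(path, [reasons])] for every entry with at least one flag."""
    return [(e["path"], f) for e in parse(log_text) if (f := flags(e))]


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}\n    -> {', '.join(reasons)}")
```

The ATI Smart service is flagged only for its missing owner string, which shows why each hit still needs a manual look before anything is removed.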
KotaGuy
Member
|
9. April 2007 @ 19:38 |
|
Gotta be a site you've visited then
Run HijackThis. Click the Misc Tools button. Click the Uninstall Manager button. Then the Save List button. Save the list to your Desktop.
Copy/paste the contents of it in your next reply please.
|
xirt
Newbie
|
9. April 2007 @ 19:40 |
|
Ad-Aware 6 Professional
Adobe Acrobat 5.0
Apple Software Update
ASUS Probe V2.21.08
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HydraVision
BitComet 0.85
Collab
Command
DVD Decrypter (Remove Only)
FL Studio 6
Flash saver 5.5
foobar2000
Gaim (remove only)
Google Talk (remove only)
Google Video Player
GTK+ Runtime 2.4.13 rev a (remove only)
Hamachi 1.0.0.56
HijackThis 2.0.0
iTunes
Logitech iTouch Software
Logitech Resource Center
Marvell Miniport Driver
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (2.0.0.3)
Nero 6 Demo
Network Monitor
Nintendo WIFI Max
NVIDIA nForce Drivers
NVIDIA System Utility
Outerinfo
Outerinfo
QuickTime
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Spybot - Search & Destroy 1.2
TargetSaver
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Ventrilo Client
Ventrilo Server
VideoLAN VLC media player 0.8.2
webHancer Customer Companion
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
WinRAR archiver
ZyDAS IEEE 802.11 b+g Wireless LAN - USB
|
KotaGuy
Member
|
9. April 2007 @ 20:08 |
|
Print this out for reference during the fix as for part of it you will be in Safe Mode and unable to access this site.
Click Start>Run type in appwiz.cpl and hit Enter. From the list uninstall the following:
Command
Network Monitor
Outerinfo
Outerinfo
TargetSaver
webHancer Customer Companion
1. Please download AVG Anti-Spyware
[*]Install AVG Anti-Spyware
[*]Launch the program, there should be an icon on your desktop, double-click it.
[*]The program will now open to the main screen.
You will need to update AVG Anti-Spyware to the latest definition files.
[*]On the left hand side of the main screen click update.
[*]Then click on Start Update.
[*]The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
[*]Exit AVG Anti-Spyware, do not run the scan yet!
2. Please download Brute Force Uninstaller to your desktop.
[*]Right click the BFU folder on your desktop, and choose Extract All
[*]Click "Next"
[*]In the box to choose where to extract the files to,
[*]Click "Browse"
[*]Click on the + sign next to "My Computer"
[*]Click on "Local Disk (C:)" or whatever your primary drive is
[*]Click "Make New Folder"
[*]Type in BFU
[*]Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
4. Once in Safe Mode, Open AVG Anti-Spyware:
[*]Click on scanner
[*]Click on Complete System Scan and the scan will begin.
[*]AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
[*]If you have any infections you will be prompted, then select "Apply all actions"
[*]Next select the "Reports" icon at the top.
[*]Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
[*]Close AVG Anti-Spyware
5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
[*] Start the Brute Force Uninstaller by double-clicking BFU.exe
[*] Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
[*] Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
[*]Wait for the complete script execution box to pop up and press OK.
[*]Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of AVG Anti-Spyware text report that you saved and a new HijackThis log.
This message has been edited since posting. Last time this message was edited on 9. April 2007 @ 20:09
|
xirt
Newbie
|
10. April 2007 @ 03:48 |
|
When I click Remove when Command is highlighted it prompts me if I'm sure I want to remove it and I click yes. Then Firefox pops up with a new tab to this address http://command.adservs.com/uninstall.php. Is it safe to download the uninstaller?
|
KotaGuy
Member
|
10. April 2007 @ 05:16 |
|
Actually... I'm not sure... I haven't heard of that happening. I would forego that step just to be safe. Some uninstallers install more junk on your system.
Regardless... the BFU script I'm asking you to run will kill it off... or should anyways ;)
|
xirt
Newbie
|
11. April 2007 @ 15:21 |
|
I had to do 2 scans because I messed up the first time because it didn't give me the option to "Apply all actions", and I figured it out the second time. So I'm going to post both reports if you don't mind.
Sorry for the inconvenience :P.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 4:55:22 AM 4/11/2007
+ Scan result:
:mozilla.20:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.21:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.22:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.23:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
C:\Documents and Settings\MJ\Cookies\mj@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.43:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.48:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.49:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.50:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.51:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.52:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP84\A0002541.exe -> Trojan.Small : Ignored.
C:\WINDOWS\WGlydA\q35VxE.vbs -> Trojan.Small : Ignored.
C:\WINDOWS\system32\wcpisvtr.exe -> Trojan.Small : Ignored.
C:\WINDOWS\uninstall_nmon.vbs -> Trojan.Small : Ignored.
C:\Documents and Settings\MJ\My Documents\My Received Files\GDCS_1.4MODDED.rar/GDCS.exe -> Worm.Mytob.bt : Ignored.
D:\CSS stuff\CSS hack\GDCS.exe -> Worm.Mytob.bt : Ignored.
::Report end
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:07:39 PM 4/11/2007
+ Scan result:
C:\Program Files\Common Files\{342DAC21-0726-1033-0520-040310170001}\UnInstall.exe -> Adware.888Bar : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{342DAC21-0726-1033-0520-040310170001}\Bar888.dll -> Adware.Bar888 : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temp\cmdinst.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\056FO1E7\installer[1].exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\WGlydA\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\WGlydA\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0002694.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP84\A0002538.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temp\b122.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\WPQ34LE7\122[1].net -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1409082233-1035525444-725345543-1004\Dc3\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0002696.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temp\b129.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\CP2BGXEF\129[1].net -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs\whAgent.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0002699.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0002700.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0002701.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0002702.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP79\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP80\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP80\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP80\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP81\A0002315.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP81\A0002316.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP81\A0002317.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP81\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP81\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP81\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\WPQ34LE7\setar-101[1].0000 -> Adware.Yazzle : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0002693.exe -> Downloader.Age : Cleaned with backup (quarantined).
C:\WINDOWS\system32\svchosts.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
D:\Downloads\MSN Plus!\install.exe -> Downloader.Agent.bdr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP45\A0001740.exe -> Downloader.Purity.dz : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temp\b128.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\CP2BGXEF\128[1].net -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP84\A0002540.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temp\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\WPQ34LE7\104[1].net -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP84\A0002546.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0002695.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0002658.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temp\b103.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\CP2BGXEF\103[1].net -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP84\A0002545.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP84\A0002541.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\WGlydA\q35VxE.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wcpisvtr.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\uninstall_nmon.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\MJ\My Documents\My Received Files\GDCS_1.4MODDED.rar/GDCS.exe -> Worm.Mytob.bt : Cleaned with backup (quarantined).
D:\CSS stuff\CSS hack\GDCS.exe -> Worm.Mytob.bt : Cleaned with backup (quarantined).
::Report end
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:12:00 PM, on 4/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Downloads\HiJackThis_v2.0.0.0.exe
C:\WINDOWS\System32\WgaTray.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [riuw] C:\PROGRA~1\COMMON~1\riuw\riuwm.exe
O4 - HKCU\..\Policies\Explorer\Run: [{242DAC21-0726-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe" te-110-12-0000282
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'Default user')
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1176159801359
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 7087 bytes
|
scorpNZ
AfterDawn Addict
4 product reviews
|
11. April 2007 @ 16:10 |
|
Don't forget: when backing up data you could also be backing up the very same malware you're trying to repair, things like hidden viruses & malware that reside in software apps, mp3s, GIFs and any email attachments. Here are a few things that can alleviate any future problems; google them and decide:
sandboxie
MSVPC - Microsoft Virtual PC 2004 or 2007
VMWARE
Remember, after a full destructive reformat and not just a flimsy overwrite, the first thing needed to be activated is a firewall, then head straight to Microsoft Update and don't leave till the OS is fully patched. Next install antivirus software. Data that you saved should not be installed until tested OK, which could mean being used inside a virtual machine first.
This message has been edited since posting. Last time this message was edited on 11. April 2007 @ 16:17
|
xirt
Newbie
|
11. April 2007 @ 16:35 |
|
Alrighty thanks, but I'm just wondering if that Ipwins thing is still something I should worry about on the HijackThis report.
|
KotaGuy
Member
|
11. April 2007 @ 16:58 |
|
Print this out for reference during the fix as for part of it you will be in Safe Mode and unable to access this site.
Run and scan with HijackThis and place checks beside the following:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll (file missing)
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [riuw] C:\PROGRA~1\COMMON~1\riuw\riuwm.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
Close all open browsers/windows and click the Fix button.
Click Start>Run type in cmd and hit Enter. From the command prompt type in:
sc delete "Client IP-IPX"
And hit Enter. Exit the command console.
Boot into Safe Mode.
Search for and delete the following Folders:
C:\Program Files\Ipwindows
C:\PROGRA~1\COMMON~1\riuw
Search for and delete the following File:
C:\WINDOWS\System32\svchosts.exe
NOTE: Do NOT delete C:\WINDOWS\System32\svchost.exe. That is a valid file. Delete only C:\WINDOWS\System32\svchosts.exe
Empty your Recycle Bin.
Reboot Windows normally.
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.
[*]The program will launch and then begin downloading the latest definition files:
[*]Once the files have been downloaded click on NEXT
[*]Now click on Scan Settings
[*]In the scan settings make sure that the following are selected:
[*]Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
[*]Scan Options:
Scan Archives Scan Mail Bases
[*]Click OK
[*]Now under select a target to scan:
Select My Computer
[*]The program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
[*]Now click on the Save as Text button:
[*]Save the file to your desktop.
Copy/paste the contents of the file in your next reply along with a new HijackThis log please.
This message has been edited since posting. Last time this message was edited on 11. April 2007 @ 17:01
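The NOTE in the post above turns on a one-character difference between svchost.exe and svchosts.exe. As an added example (not part of the original post and not HijackThis code), this Python script triages HijackThis entries for orphaned references, services with an unknown owner, and executable names one edit away from a Windows system binary; the list of system binaries and the reason strings are assumptions chosen for the example.

```python
import re

# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Assumption for this example: a short list of Windows XP system binaries
# whose names are commonly imitated. Extend it for real use.
KNOWN_SYSTEM_BINARIES = (
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "csrss.exe", "smss.exe", "explorer.exe", "spoolsv.exe",
)

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# File name component of any .exe path (stops at path separators and quotes).
EXE_RE = re.compile(r'([^\\/:"\[\]\s]+\.exe)\b', re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def lookalike_of(exe_name, max_distance=1):
    """Return the system binary that exe_name imitates, or None."""
    name = exe_name.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None  # exact match: the genuine name, not an imitation
    for known in KNOWN_SYSTEM_BINARIES:
        if edit_distance(name, known) <= max_distance:
            return known
    return None


def triage(log_text):
    """Return flagged entries as dicts with section, text and reasons."""
    flagged = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header lines and the running-process list are skipped
        section, text = match.groups()
        reasons = []
        if "(no file)" in text or "(file missing)" in text:
            reasons.append("orphaned entry")
        if section == "O23" and "Unknown owner" in text:
            reasons.append("service with unknown owner")
        for exe in EXE_RE.findall(text):
            target = lookalike_of(exe)
            if target:
                reasons.append("name resembles " + target)
                break
        if reasons:
            flagged.append({"section": section, "text": text, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["section"], "|", "; ".join(hit["reasons"]), "|", hit["text"])
```

The IpWins and riuw Run entries that the post also selects match none of these rules, and ATI Smart is flagged on its unknown owner alone although the post leaves it in place. The output is a list for a person to review, not a verdict.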
|
xirt
Newbie
|
12. April 2007 @ 14:52 |
|
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 12, 2007 5:51:59 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/04/2007
Kaspersky Anti-Virus database records: 296730
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 164537
Number of viruses found: 11
Number of infected objects: 21 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:37:28
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\MJ\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Documents and Settings\MJ\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
C:\Documents and Settings\MJ\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Documents and Settings\MJ\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Documents and Settings\MJ\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe WiseSFX: infected - 4 skipped
C:\Documents and Settings\MJ\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Documents and Settings\MJ\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\Documents and Settings\MJ\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Documents and Settings\MJ\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Documents and Settings\MJ\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe WiseSFX: infected - 4 skipped
C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003704.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003705.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003706.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003707.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003708.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003711.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP102\A0003959.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP102\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\unsvchosts.exe Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003702.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:53:53 PM, on 4/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HiJackThis_v2.0.0.0.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Policies\Explorer\Run: [{242DAC21-0726-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe" te-110-12-0000282
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1176159801359
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 7520 bytes
|
KotaGuy
Member
|
12. April 2007 @ 17:11 |
|
Print this out for reference during the fix as for part of it you will be in Safe Mode and won't be able to access this site.
Run and scan with HijackThis and place checks beside the following:
O4 - HKCU\..\Policies\Explorer\Run: [{242DAC21-0726-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe" te-110-12-0000282
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'Default user')
Close all open browsers/windows and click the Fix button.
Boot into Safe Mode.
Search for and delete this Folder:
C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}
Search for and delete these Files:
C:\Documents and Settings\MJ\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe
C:\Documents and Settings\MJ\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe
C:\WINDOWS\system32\unsvchosts.exe
Empty your Recycle Bin.
Reboot Windows normally.
Do another Kaspersky scan and post its log along with a new HijackThis log please.
|
xirt
Newbie
|
13. April 2007 @ 03:16 |
|
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 13, 2007 6:15:05 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 13/04/2007
Kaspersky Anti-Virus database records: 296830
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 165609
Number of viruses found: 6
Number of infected objects: 11 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:38:32
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\MJ\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Working\database_E24_2DC0_242D_AC21\dfsr.db Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Working\database_E24_2DC0_242D_AC21\fsr.log Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Working\database_E24_2DC0_242D_AC21\fsrtmp.log Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Working\database_E24_2DC0_242D_AC21\tmp.edb Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Windows Live Contacts\teen_shorty_95@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Windows Live Contacts\teen_shorty_95@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\History\History.IE5\MSHist012007041220070413\index.dat Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Temp\Perflib_Perfdata_1a4.dat Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Temp\~DF4D1B.tmp Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Temp\~DF5D17.tmp Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Temp\~DFC19C.tmp Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Temp\~DFC28B.tmp Object is locked skipped
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MJ\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\MJ\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\MJ\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\Program Files\Valve\Steam\AppUpdateStats.blob Object is locked skipped
C:\Program Files\Valve\Steam\Steam.log Object is locked skipped
C:\Program Files\Valve\Steam\SteamApps\base source engine 2.gcf Object is locked skipped
C:\Program Files\Valve\Steam\SteamApps\counter-strike source client.gcf Object is locked skipped
C:\Program Files\Valve\Steam\SteamApps\counter-strike source shared.gcf Object is locked skipped
C:\Program Files\Valve\Steam\SteamApps\source engine.gcf Object is locked skipped
C:\Program Files\Valve\Steam\SteamApps\source materials.gcf Object is locked skipped
C:\Program Files\Valve\Steam\SteamApps\source models.gcf Object is locked skipped
C:\Program Files\Valve\Steam\SteamApps\source sounds.gcf Object is locked skipped
C:\Program Files\Valve\Steam\SteamApps\sourceinit.gcf Object is locked skipped
C:\Program Files\Valve\Steam\SteamApps\winui.gcf Object is locked skipped
C:\Program Files\Valve\Steam\SteamLogs\SteamStats.log Object is locked skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003704.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003705.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003706.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003707.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003708.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003711.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP102\A0003959.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP103\A0004106.exe Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP103\A0004108.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP103\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K5IJOTUJ\QuickTime[1].msi Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003702.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
D:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP103\change.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:15:46 AM, on 4/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Downloads\HiJackThis_v2.0.0.0.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1176159801359
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 7135 bytes
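A triage sketch for the before/after log comparison this fix relies on, added here as an example and not part of any post in the thread. The flagging heuristics are this example's assumptions (Policies\Explorer\Run autostarts, GUID-named folders, near-miss copies of Windows process names, missing files, unknown service owners); the sample lines are copied from the 4/12 and 4/13 HijackThis logs above.

```python
import re

# Lines copied from the HijackThis logs posted in this thread.
LOG_APR12 = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [{242DAC21-0726-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe" te-110-12-0000282
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'SYSTEM')
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
"""
LOG_APR13 = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|ocx)', re.I)
GUID_DIR = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\")
# Assumption: a short list of core Windows process names worth checking for imitations.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe"}


def near_miss(name, target):
    """True when name differs from target by exactly one inserted, deleted or changed character."""
    if name == target or abs(len(name) - len(target)) > 1:
        return False
    short, long_ = sorted((name, target), key=len)
    if len(short) == len(long_):
        return sum(a != b for a, b in zip(short, long_)) == 1
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def flags_for(line):
    """Return the heuristic flags raised by one HijackThis entry line."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    flags = []
    if section == "O4" and "\\Policies\\Explorer\\Run" in body:
        flags.append("policies-run")
    pm = PATH.search(body)
    if pm:
        path = pm.group(0)
        if GUID_DIR.search(path):
            flags.append("guid-dir")
        base = path.rsplit("\\", 1)[-1].lower()
        flags += ["lookalike:" + n for n in sorted(SYSTEM_NAMES) if near_miss(base, n)]
    if "(file missing)" in body:
        flags.append("file-missing")
    if section == "O23" and "Unknown owner" in body:
        flags.append("unknown-owner")
    return flags


def triage(log):
    """Entries raising two or more flags; a single flag alone is too weak to act on."""
    out = []
    for line in (l.strip() for l in log.splitlines()):
        flags = flags_for(line)
        if len(flags) >= 2:
            out.append((line, flags))
    return out


def compare(before, after):
    """Split the flagged entries of `before` into those gone from `after` and those still present."""
    after_lines = {l.strip() for l in after.splitlines()}
    flagged = [line for line, _ in triage(before)]
    return {"resolved": [l for l in flagged if l not in after_lines],
            "persisting": [l for l in flagged if l in after_lines]}


if __name__ == "__main__":
    result = compare(LOG_APR12, LOG_APR13)
    for state, lines in result.items():
        for line in lines:
            print(state.upper(), flags_for(line), line, sep=" | ")
```

An entry with a single flag, such as the ATI Smart service with its unknown owner, is left unreported because that flag alone is common on clean systems.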
|
KotaGuy
Member
|
13. April 2007 @ 04:56 |
|
Print this out for reference as you will be booting into Safe Mode and won't be able to access this site.
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
[*]Restart your computer
[*]After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
[*]Instead of Windows loading as normal, the Advanced Options Menu should appear;
[*]Select the first option, to run Windows in Safe Mode, then press Enter.
[*]Choose your usual account.
Search for and delete this Folder:
C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}
[*] Open the extracted SDFix folder and double click RunThis.bat to start the script.
[*] Type Y to begin the cleanup process.
[*] It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
[*] Press any Key and it will restart the PC.
[*] When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
[*] Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
|
xirt
Newbie
|
13. April 2007 @ 21:40 |
|
SDFix: Version 1.78
Run by MJ - Sat 04/14/2007 - 0:33:24.71
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
Client IP-IPX
ImagePath:
"C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000282
Client IP-IPX - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found...
Removing Temp Files
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Remaining Files:
---------------
Checking For Files with Hidden Attributes:
C:\Documents and Settings\MJ\My Documents\Joenes\~WRL3913.tmp
C:\WINDOWS\LastGood.Tmp\INF\dxbda.inf
C:\WINDOWS\LastGood.Tmp\INF\dxbda.PNF
C:\WINDOWS\LastGood.Tmp\INF\dxdllreg.inf
C:\WINDOWS\LastGood.Tmp\INF\dxdllreg.PNF
C:\WINDOWS\LastGood.Tmp\INF\dxxp.inf
C:\WINDOWS\LastGood.Tmp\INF\dxxp.PNF
C:\WINDOWS\LastGood.Tmp\INF\nvautlml.inf
C:\WINDOWS\LastGood.Tmp\INF\nvautlml.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem0.inf
C:\WINDOWS\LastGood.Tmp\INF\oem0.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem1.inf
C:\WINDOWS\LastGood.Tmp\INF\oem1.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem10.inf
C:\WINDOWS\LastGood.Tmp\INF\oem10.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem11.inf
C:\WINDOWS\LastGood.Tmp\INF\oem11.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem2.inf
C:\WINDOWS\LastGood.Tmp\INF\oem2.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem3.inf
C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem4.inf
C:\WINDOWS\LastGood.Tmp\INF\oem4.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem5.inf
C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem6.inf
C:\WINDOWS\LastGood.Tmp\INF\oem6.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem7.inf
C:\WINDOWS\LastGood.Tmp\INF\oem7.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem8.inf
C:\WINDOWS\LastGood.Tmp\INF\oem8.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem9.inf
C:\WINDOWS\LastGood.Tmp\INF\oem9.PNF
Finished
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:40:45 AM, on 4/14/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Hamachi\hamachi.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Razer\Diamondback\razertra.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Downloads\HiJackThis_v2.0.0.0.exe
C:\WINDOWS\system32\NOTEPAD.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1176159801359
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 7278 bytes
|
|