*_*_*_*_* ONE MORE TIME *_*_*_*_*
EMIN3M
Suspended due to non-functional email address
31. May 2006 @ 02:33
About every 5 minutes while my computer is running, I get these 2 popups, namely "ULWindowSeek" & "ULWindowURL", along with a warning message: "Registry editing has been disabled by your administrator". This is really irritating, as no anti-spyware/virus that I have tried is detecting any of this. The following is a Logfile of HijackThis v1.99.1 -

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\system32\clipsrv.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Yahoo!\Messenger\YPager.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Winamp\winamp.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe "D:\WINDOWS\eksplorasi.exe"
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "D:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100438425951
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147695227389
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgIN2404.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: BITS - D:\WINDOWS\
O20 - Winlogon Notify: winkxt32 - D:\WINDOWS\SYSTEM32\winkxt32.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
**********************************************************************
Can someone please help me with this mess!!!
Thanx.
Senior Member
31. May 2006 @ 03:04
Hi EMIN3M, you got a nice collection there, we'll start the cleaning with this...

Download Look2Me-Destroyer -> http://www.atribune.org/ccount/click.php?id=7 and save it on desktop

IMPORTANT: Before continuing, you MUST do the following:

->Print this or save as a textfile
->Click start -> run -> services.msc -> ok
->Check that this service is running or its startuptype is automatic
Secondary logon
->Disconnect from internet (unplug your network cable)
->Close ALL antivirus programs (this is essential!)
->Close all windows before continuing.
->Double-click Look2Me-Destroyer.exe to run it.
->Put a check next to Run this program as a task.
->You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
->When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
->Once it's done scanning, click the Remove L2M button.
->You will receive a Done Scanning message, click OK.
->When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
->Your computer will then shutdown.
->Turn your computer back on.
->Please post the contents of C:\Look2Me-Destroyer.txt

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

So post a new HijackThis log (post the full log this time) and the contents of C:\Look2Me-Destroyer.txt

Then we'll continue the cleaning process...

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.

This message has been edited since posting. Last time this message was edited on 31. May 2006 @ 03:05

EMIN3M
Suspended due to non-functional email address
31. May 2006 @ 04:07
Okay... I did as you said. This is the new HijackThis log -
************************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 5:21:10 PM, on 5/31/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\WINDOWS\system32\clipsrv.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Hijack This\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe "D:\WINDOWS\eksplorasi.exe"
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "D:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgIN2404.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winkxt32 - D:\WINDOWS\SYSTEM32\winkxt32.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

**********************************************************************

These are the contents of the Look2Me-Destroyer.txt -
**********************************************************************

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 5/31/2006 4:57:33 PM


Attempting to delete infected files...

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E3B4E336-0717-4C57-9FCF-43DD0350DCA7}"
HKCR\Clsid\{E3B4E336-0717-4C57-9FCF-43DD0350DCA7}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4B4D68FE-F7B9-4AB8-8671-55B032EAE64F}"
HKCR\Clsid\{4B4D68FE-F7B9-4AB8-8671-55B032EAE64F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F7967180-4E8B-410D-8085-DC1A7E7FCD99}"
HKCR\Clsid\{F7967180-4E8B-410D-8085-DC1A7E7FCD99}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AD182A01-B5F4-4B24-9E45-62275E572591}"
HKCR\Clsid\{AD182A01-B5F4-4B24-9E45-62275E572591}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{44C21D15-210C-41D9-9EC4-A57CEB3C5203}"
HKCR\Clsid\{44C21D15-210C-41D9-9EC4-A57CEB3C5203}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{018E100C-882C-45D5-A314-E3180E9C0C33}"
HKCR\Clsid\{018E100C-882C-45D5-A314-E3180E9C0C33}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
**********************************************************************
Now... what next?
Senior Member
31. May 2006 @ 04:22
Ok, let's clean the rest of the infections........

You don't have a firewall or an antivirus on your computer. Download and install one firewall and one antivirus.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

These are good (free) antiviruses:
AVG Antivirus --> http://www.grisoft.com
Avast --> http://www.avast.com

Cleaning instructions:

Download and install Ewido anti-malware -> http://www.ewido.net/en/download
Update it, but do NOT run a scan yet. We'll use it later.

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

F2 - REG:system.ini: Shell=Explorer.exe "D:\WINDOWS\eksplorasi.exe"
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgIN2404.exe
O20 - Winlogon Notify: winkxt32 - D:\WINDOWS\SYSTEM32\winkxt32.dll

Open Notepad
-> copy the following lines into a new document:

@echo off
sc stop NProtectService
sc delete NProtectService

Save the document to your desktop as Removal.bat and filetype: All Files
Go to your desktop and run the file Removal.bat and answer yes to any questions.

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these files (if found):
D:\WINDOWS\eksplorasi.exe
D:\WINDOWS\SYSTEM32\winkxt32.dll

Scan and clean your computer with Ewido and save the report.

Clean the Recycle bin and make your hidden files visible again.

Restart your computer normally.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.

This message has been edited since posting. Last time this message was edited on 31. May 2006 @ 04:23
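
One way to check a follow-up HijackThis log against the fix list in the post above, added here as an example (it is not part of the original thread and not part of HijackThis). Each entry is keyed by section code plus name, so an entry that is gone is reported separately from one that is still registered with different data. The sample follow-up lines are abridged from the log the user posts later in this thread, and all function names are this example's own.

```python
import re

# Entries the helper asked to have fixed, copied from the post above.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe "D:\WINDOWS\eksplorasi.exe"
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgIN2404.exe
O20 - Winlogon Notify: winkxt32 - D:\WINDOWS\SYSTEM32\winkxt32.dll
"""

# Service the helper's Removal.bat stops and deletes.
SERVICES_TO_DELETE = ["NProtectService"]

# Abridged sample of the follow-up log (header, one process line, 8 entries).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: winkxt32 - winkxt32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
"""

# An entry line is "<letter><1-2 digits> - <rest>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def entry_key(rest):
    """Name part of an entry: text before the first ' - ', else before the first '='."""
    for sep in (" - ", "="):
        if sep in rest:
            return rest.split(sep, 1)[0].strip()
    return rest.strip()


def parse_entries(log_text):
    """Return {(code, key): full_line}; headers and process paths are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            code, rest = match.groups()
            entries[(code, entry_key(rest))] = line
    return entries


def check_fixes(fix_list_text, after_log_text):
    """Map each fix-list entry to (status, line_in_after_log_or_None).

    removed   - no entry with that code and name remains
    unchanged - the identical line is still present
    changed   - the name is still registered but its data differs
    """
    after = parse_entries(after_log_text)
    report = {}
    for key, line in parse_entries(fix_list_text).items():
        if key not in after:
            status = "removed"
        elif after[key] == line:
            status = "unchanged"
        else:
            status = "changed"
        report[key] = (status, after.get(key))
    return report


def listed_services(log_text):
    """Short service names from O23 lines, e.g. 'NProtectService'."""
    names = set()
    for (code, key) in parse_entries(log_text):
        match = re.search(r"\(([^()]+)\)$", key)
        if code == "O23" and match:
            names.add(match.group(1))
    return names


if __name__ == "__main__":
    for (code, key), (status, line) in check_fixes(FIX_LIST, AFTER_LOG).items():
        print(f"{status:9} {code} {key}")
        if line:
            print(f"          now: {line}")
    for name in SERVICES_TO_DELETE:
        state = "still listed" if name in listed_services(AFTER_LOG) else "gone"
        print(f"service {name}: {state}")
```

On the sample, four of the five fix-list entries come back as removed, the winkxt32 Winlogon Notify entry comes back as changed (still registered, file missing), and NProtectService is still listed under O23.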

EMIN3M
Suspended due to non-functional email address
31. May 2006 @ 10:44
Thanx a TONNNNNNN for the help... everything's fine (at least for the time being!).. here's the HijackThis log file -

Logfile of HijackThis v1.99.1
Scan saved at 11:26:52 PM, on 5/31/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\WINDOWS\system32\clipsrv.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ICQLite\ICQLite.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Hijack This\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "D:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winkxt32 - winkxt32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

**********************************************************************
And here's the ewido log -

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:58:40 PM, 5/31/2006
+ Report-Checksum: 8DE5D5E0

+ Scan result:

[280] D:\WINDOWS\system32\winkxt32.dll -> Trojan.Agent.qt : Cleaned with backup
C:\WINDOWS\Cookies\om@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\WINDOWS\Cookies\om@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\WINDOWS\Cookies\om@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINDOWS\Cookies\om@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
D:\WINDOWS\system32\winkxt32.dll -> Trojan.Agent.qt : Cleaned with backup
D:\WINDOWS\Temp\win68.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win6E.tmp.exe -> Downloader.IstBar.eq : Cleaned with backup
D:\WINDOWS\Temp\win70.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\winA6.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\winC8.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win16A.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win158.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win156.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win15D.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win166.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win176.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win16F.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win181.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win185.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win18B.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win232.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win230.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win238.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win24B.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win250.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win259.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win271.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win230.tmp -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win256.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win26E.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win25C.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win262.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win26D.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win2A1.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win2BC.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win2BF.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win5A3.tmp.exe -> Hijacker.Small : Cleaned with backup
D:\WINDOWS\Temp\win5A3.tmp -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win5D1.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win5D1.tmp -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win5D2.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win68E.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win692.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\WINDOWS\Temp\win76B.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\All Users\Application Data\SecTaskMan\dbabjomd.exe.q_57136D5_q -> Trojan.Dialer.ay : Cleaned with backup
D:\Documents and Settings\All Users\Application Data\SecTaskMan\win98.tmp.exe.q_5713400_q -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\All Users\Application Data\SecTaskMan\winB2.tmp.exe.q_5713400_q -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\All Users\Application Data\SecTaskMan\mmkkchmd.exe.q_57136E0_q -> Trojan.Dialer.ay : Cleaned with backup
D:\Documents and Settings\All Users\Application Data\SecTaskMan\ielghomd.exe.q_5713711_q -> Trojan.Dialer.ay : Cleaned with backup
D:\Documents and Settings\All Users\Application Data\SecTaskMan\win87.tmp.exe.q_5713400_q -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\All Users\Application Data\SecTaskMan\fhljcmmd.exe.q_571372F_q -> Trojan.Dialer.ay : Cleaned with backup
D:\Documents and Settings\KM\Local Settings\Temporary Internet Files\Content.IE5\A7SPMX07\srvhcz[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\KM\Local Settings\Temporary Internet Files\Content.IE5\W96J4HEJ\srvvmx[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\KM\Local Settings\Temporary Internet Files\Content.IE5\O1AVQFW1\WATCH_FREE_PORN[1].exe -> Downloader.INService.ja : Cleaned with backup
D:\Documents and Settings\KM\Local Settings\Temporary Internet Files\Content.IE5\B7D9PL52\srvows[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\KM\Local Settings\Temporary Internet Files\Content.IE5\U1TMF29O\srvwyy[1].exe -> Trojan.Dialer.oy : Cleaned with backup
:mozilla.22:D:\Documents and Settings\KM\Application Data\Mozilla\Firefox\Profiles\qfu7zl9p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
D:\Documents and Settings\NIKHIL\Local Settings\Temp\cli7.tmp -> Trojan.Agent.qt : Cleaned with backup
D:\Documents and Settings\NIKHIL\Local Settings\Temp\win10.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\NIKHIL\Local Settings\Temp\win14.tmp.exe -> Downloader.IstBar.eq : Cleaned with backup
D:\Documents and Settings\NIKHIL\Local Settings\Temp\Temporary Internet Files\Content.IE5\09YJOPYF\srvput[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\NIKHIL\Local Settings\Temporary Internet Files\Content.IE5\M31GVZ7Q\srveat[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\NIKHIL\Local Settings\Temporary Internet Files\Content.IE5\89JBCVNX\srvsay[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\NIKHIL\Local Settings\Temporary Internet Files\Content.IE5\NKSUJ8QF\srvxwl[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\NIKHIL\Local Settings\Temporary Internet Files\Content.IE5\NKSUJ8QF\srvqdy[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\NIKHIL\Local Settings\Temporary Internet Files\Content.IE5\X5JU25Y0\srvaam[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\NIKHIL\Local Settings\Temporary Internet Files\Content.IE5\X5JU25Y0\srvnyu[1].exe -> Trojan.Dialer.oy : Cleaned with backup
:mozilla.151:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.155:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.156:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.157:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.161:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.166:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.167:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.181:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.182:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.183:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.188:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.191:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Overture : Cleaned with backup
:mozilla.197:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.202:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Starware : Cleaned with backup
:mozilla.203:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Starware : Cleaned with backup
:mozilla.204:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Starware : Cleaned with backup
:mozilla.206:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.207:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.208:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.209:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.210:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.211:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.214:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.226:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.227:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.228:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.229:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.230:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.231:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.232:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.247:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.248:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.273:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.274:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.275:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.276:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.277:D:\Documents and Settings\NIKHIL\Application Data\Mozilla\Firefox\Profiles\m4cctml4.default\cookies_2006-5-3_20-38-36-654 -> TrackingCookie.Googleadservices : Cleaned with backup
D:\Documents and Settings\Dipikaaa!!!!!!!!\Cookies\dipikaaa!!!!!!!!@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.11:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.12:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.13:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.14:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.15:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.17:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.26:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.27:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.28:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.29:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.31:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.33:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.51:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.52:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.73:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.74:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.75:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.76:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.77:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.79:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.100:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.110:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.111:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.112:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.113:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.114:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.121:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.122:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.123:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.124:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.125:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.126:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.127:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.128:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.129:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.130:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.141:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.174:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.175:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.179:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.180:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.181:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.182:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.183:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.189:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.195:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.198:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.199:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.204:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.205:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.207:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.208:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.209:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.210:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.214:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.215:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.216:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.217:D:\Documents and Settings\Dipikaaa!!!!!!!!\Application Data\Mozilla\Firefox\Profiles\qssgvfr7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
D:\Documents and Settings\NIKHIL II\Local Settings\Temporary Internet Files\Content.IE5\SXEB8LM7\srvium[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\NIKHIL II\Local Settings\Temporary Internet Files\Content.IE5\SXEB8LM7\srvunw[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\NIKHIL II\Local Settings\Temporary Internet Files\Content.IE5\SXEB8LM7\srvlxv[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\NIKHIL II\Local Settings\Temporary Internet Files\Content.IE5\0DEXGTUD\srvfoz[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Documents and Settings\NIKHIL II\Local Settings\Temporary Internet Files\Content.IE5\0DEXGTUD\mulbin32[1].exe -> Hijacker.Small : Cleaned with backup
D:\Documents and Settings\NIKHIL II\Local Settings\Temporary Internet Files\Content.IE5\0DEXGTUD\srvtzj[1].exe -> Trojan.Dialer.oy : Cleaned with backup
D:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup
D:\System Volume Information\_restore{4D3A8F11-C68A-4522-9294-187D445E3550}\RP257\A0113912.exe -> Dropper.VB.kk : Cleaned with backup
D:\System Volume Information\_restore{4D3A8F11-C68A-4522-9294-187D445E3550}\RP258\A0119062.dll -> Downloader.IstBar.ff : Cleaned with backup
:mozilla.394:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Starware : Cleaned with backup
:mozilla.395:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Starware : Cleaned with backup
:mozilla.405:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.420:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.428:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.431:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.437:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.438:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.444:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.460:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.461:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.463:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.466:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.473:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.497:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.498:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.502:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.512:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.522:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.523:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.524:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.525:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.526:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.527:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.538:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.571:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.582:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.589:D:\FOUND.009\FILE0008.CHK -> TrackingCookie.Tradedoubler : Cleaned with backup


::Report End
**********************************************************************
Everything fine now???
Senior Member
31. May 2006 @ 10:54
Ok looking good, now we clean the leftovers:

Fix this entry with HijackThis:

O20 - Winlogon Notify: winkxt32 - winkxt32.dll (file missing)

Open Notepad
-> copy the following lines into a new document:

@echo off
sc stop NProtectService
sc delete NProtectService

Save the document to your desktop as Removal.bat and filetype: All Files
Go to your desktop and run the file Removal.bat and answer yes to any questions.

Then make your hidden files visible and delete the following folder:
D:\Program Files\Common Files\Real\WeatherBug

Make your hidden files hidden again.

Install antivirus and firewall.

Then post one more HjT log and we'll see if you're clean :)

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's unsupportive atmosphere.

This message has been edited since posting. Last time this message was edited on 31. May 2006 @ 10:54

EMIN3M
Suspended due to non-functional email address
31. May 2006 @ 11:02
Here goes the HijackThis log again -

Logfile of HijackThis v1.99.1
Scan saved at 12:27:01 AM, on 6/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\WINDOWS\system32\clipsrv.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\Program Files\Grisoft\AVG7\avgcc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Hijack This\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

**********************************************************************
I made that removal.bat file but it doesn't "run" exactly; it just opens to show the contents of the file.
Thanks.
Senior Member
31. May 2006 @ 20:09
Ok, looking good, we can remove the Symantec leftover in an alternative way:

Open HijackThis
-> Fix this entry:
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - (no file)

-> Press Config (in HijackThis)
-> Misc Tools
-> Delete an NT Service
-> Copy/paste this to the field -> NProtectService
-> Press OK
-> Restart the computer

Post a new log and we'll see if it is gone now.

By the way, do you know the name of your ISP (Internet Service Provider)?

Now that you got firewall and antivirus there still is something more to do.

Your Windows and Internet Explorer are outdated.

So go to Windows Update -> http://windowsupdate.microsoft.com
-> Install the Service Pack 1.
-> Reboot your computer and get back to the Windows Update.
-> Install Service Pack 2.
-> Reboot your computer and get back to the Windows Update.
-> Install all remaining important updates that are available.

It is important to update your system because it is extremely vulnerable without updates...


This message has been edited since posting. Last time this message was edited on 31. May 2006 @ 20:12
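
The checks applied by eye to each posted log in this thread (entries marked "(file missing)" or "(no file)", the service name to hand to `sc` or "Delete an NT Service", the O17 NameServer values, and what changed since the previous log), as an added Python example that is not part of the original thread. Function names are illustrative, the sample lines are copied from the logs posted here, and reading an O23 entry without a "(ServiceName)" part as display name = service name is an assumption about HijackThis output.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the logs in this thread, trimmed to the entry types discussed.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\System32\smss.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - (no file)
"""

# The follow-up log: the orphaned service is gone and one Run entry is new.
LOG_AFTER = LOG_BEFORE.replace(
    "O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - (no file)\n", ""
) + r"""O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<target>.+)$"
)
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O23"
    body: str     # everything after "O23 - "


def parse_log(text):
    """Return the R/F/O entries of a log, skipping the header and the process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def orphaned(entries):
    """Entries whose target file is gone: leftovers to fix, not running code."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]


def service_key_name(entry):
    """Short service name of an O23 entry, the one 'sc delete' expects."""
    if entry.section != "O23":
        return None
    m = SERVICE_RE.match(entry.body)
    if not m:
        return None
    # Assumption: no "(Name)" part means the display name is the service name.
    return m["name"] or m["display"]


def nameservers(entries):
    """Unique DNS servers from O17 entries, first-seen order, to confirm with the ISP."""
    seen = []
    for e in entries:
        if e.section == "O17" and "NameServer = " in e.body:
            for ip in e.body.split("NameServer = ", 1)[1].replace(",", " ").split():
                if ip not in seen:
                    seen.append(ip)
    return seen


def diff_logs(old, new):
    """Compare successive logs: (entries that disappeared, entries that appeared)."""
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]
    return removed, added


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for e in orphaned(before):
        print("orphaned:", e.section, service_key_name(e) or e.body)
    print("DNS servers to verify:", nameservers(before))
    removed, added = diff_logs(before, after)
    print("gone since last log:", [e.body for e in removed])
    print("new since last log:", [e.body for e in added])
```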

EMIN3M
Suspended due to non-functional email address
31. May 2006 @ 23:05
Okay, I'm posting the HijackThis log (again), but I still have a few problems to sort out -
1. The NProtect entry is not being removed, after repeated tries, through HijackThis.
2. After I loaded AVG antivirus, it detected a virus - "loaded.exe". Please check.
3. My anti-spyware detected a new startup program - "b47f7282.exe" in "D:/WINDOWS/System32". Is it a threat?
**********************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 12:28:11 PM, on 6/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\clipsrv.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\System32\rundll32.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Hijack This\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
**********************************************************************
Senior Member
1. June 2006 @ 02:33
Ok, you had so much of everything there that we should run another scanner...

Did the AVG remove that found file?

Make your hidden files visible.

Delete the following file:
D:\WINDOWS\System32\b47f7282.exe

Then do this:

Download eScan to your desktop -> http://www.spywareinfo.dk/download/mwav.exe
Run the file mwav.exe and unzip it to its default location, C:\Kaspersky

1. Updating the scanner (close the eScan window if open)
-> Go to My Computer
-> C:\
-> Kaspersky
-> Run the file kavupd.exe, it starts downloading updates
-> When downloading is finished, go to C:\Downloads
-> Copy all the files in the Downloads folder by pressing CTRL+A and then CTRL+C
-> Then go back to the C:\Kaspersky folder and paste the files by pressing CTRL+V
-> Answer Yes to all when it asks about replacing files
-> Now the scanner has been updated

2. Scanner settings
-> Go to folder C:\Kaspersky and run the file mwavscan.com (or mwavscan.exe)
-> The scanner window opens
-> Select the same settings as in this picture -> http://koti.mbnet.fi/pattaya1/eScan6.jpg
-> When ready, press the Scan Clean button
-> Scanning for infections begins

3. Posting the results
-> When the scan has finished (the scan may take quite a long time), you'll need to post the findings
-> Copy all the text in this field -> http://koti.mbnet.fi/pattaya1/eScan10.jpg
-> Click the field, press CTRL+A, CTRL+C
-> Then open Notepad and paste the findings into a new document by pressing CTRL+V
-> Save the document to your desktop
-> Post the contents of that textfile to here

Then we'll try to get rid of that Symantec entry once again. You said earlier that when you tried to run it, it shows the contents of the file. You probably haven't set the filetype to ALL FILES. This is important. Try one more time and follow carefully...

Open Notepad
-> copy the following lines into a new document:

@echo off
sc stop NProtectService
sc delete NProtectService

Save the document to your desktop as Removal.bat and filetype: All Files
Go to your desktop and run the file Removal.bat and answer yes to any questions.

Then post a new HjT log and the eScan findings to here.


This message has been edited since posting. Last time this message was edited on 1. June 2006 @ 02:34

EMIN3M
Suspended due to non-functional email address
1. June 2006 @ 05:36
Can you believe it... the eScan continued scanning for about 58 minutes, by which time it had detected 197 infections, of which 5 were "renamed" and the others deleted. After that the "send error report" dialog box opened. I clicked "don't send" and eScan simply shut down, so I couldn't copy the details of the scan. Anyway, here is the HijackThis log. By the way, do you require the eScan now? If yes, then I'll scan again.
**********************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 6:59:32 PM, on 6/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\WINDOWS\system32\clipsrv.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\System32\rundll32.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Hijack This\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

**********************************************************************
Senior Member
1. June 2006 @ 10:22
Ok, eScan is a very good scanner (it is quite slow, but still)

You could run a new scan with eScan but this time, run it from the safe mode, then copy the findings to a textfile and save it to your desktop.
Then restart normally and post the contents of the textfile to here.

Do you know anything about these IP addresses, 218.248.255.145 & 61.1.96.71?

More info here -> http://www.dnsstuff.com/tools/whois.ch?ip=218.248.255.145

But run that new scan and then post the results to here.

EMIN3M
Suspended due to non-functional email address
4. June 2006 @ 03:10
Yes, I know those two IPs - they are something related to my internet service providers. Okay, here's the eScan log, but this time it detected just two threats (in comparison to last time's 155) -
************************************************************************
File D:\System Volume Information\_restore{4D3A8F11-C68A-4522-9294-187D445E3550}\RP260\A0132397.dll infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
File E:\NIKHIL\TEXT FILES\007¦ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
************************************************************************
Again, my anti-spyware detected the startup entry - "b47f7282.exe" and location - "D:\WINDOWS\system32". I blocked it from starting again (through the anti-spyware) and then I deleted the file manually.
Senior Member
4. June 2006 @ 06:23
Ok, we need some more information....

Please download WinPFind and run a scan with it, instructions here -> http://www.bleepingcomputer.com/files/winpfind.php

Then post its log to here.



EMIN3M
Suspended due to non-functional email address
4. June 2006 @ 06:53
The following are the contents of WinPFind scan -

**********************************************************************
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PECompact2 10/5/2005 7:39:08 AM 2293088 D:\WINDOWS\SYSTEM32\MRT.exe
aspack 10/5/2005 7:39:08 AM 2293088 D:\WINDOWS\SYSTEM32\MRT.exe
PEC2 8/23/2001 11:00:00 AM 41397 D:\WINDOWS\SYSTEM32\dfrg.msc
Umonitor 8/23/2001 11:00:00 AM 630784 D:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/23/2001 11:00:00 AM 1309184 D:\WINDOWS\SYSTEM32\wbdbase.deu
PEC2 9/29/2005 2:59:14 AM 693248 D:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 9/29/2005 2:59:14 AM 693248 D:\WINDOWS\SYSTEM32\DivX.dll
aspack 5/26/2005 3:34:52 PM 2297552 D:\WINDOWS\SYSTEM32\d3dx9_26.dll

Checking %System%\Drivers folder and sub-folders...
UPX! 5/31/2006 11:59:10 PM 776096 D:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 5/31/2006 11:59:10 PM 776096 D:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 5/31/2006 11:59:10 PM 776096 D:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 5/31/2006 11:59:10 PM 776096 D:\WINDOWS\SYSTEM32\drivers\avg7core.sys
qoologic 5/11/2006 8:21:34 PM 1750 D:\WINDOWS\SYSTEM32\drivers\etc\hosts.msn
urllogic 5/11/2006 8:21:34 PM 1750 D:\WINDOWS\SYSTEM32\drivers\etc\hosts.msn

Items found in D:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6/4/2006 4:22:58 PM S 2048 D:\WINDOWS\bootstat.dat
5/31/2006 6:30:14 PM H 35860 D:\WINDOWS\system32\vsconfig.xml
6/4/2006 8:09:40 PM H 1024 D:\WINDOWS\system32\config\software.LOG
6/4/2006 8:08:36 PM H 1024 D:\WINDOWS\system32\config\default.LOG
6/4/2006 6:30:40 PM H 1024 D:\WINDOWS\system32\config\SAM.LOG
6/4/2006 6:30:28 PM H 1024 D:\WINDOWS\system32\config\SECURITY.LOG
5/8/2006 11:15:12 PM H 10839 D:\WINDOWS\system32\spool\drivers\w32x86\3\EPIUIE6V.GID
5/15/2006 5:48:12 PM H 0 D:\WINDOWS\inf\oem16.inf
5/16/2006 4:29:22 PM HS 113 D:\WINDOWS\Temp\History\History.IE5\desktop.ini
5/16/2006 4:29:22 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
5/16/2006 4:29:22 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SR8FYDO7\desktop.ini
5/16/2006 4:29:22 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\A9YTQ5S1\desktop.ini
5/16/2006 4:29:22 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8SQGAKUO\desktop.ini
5/16/2006 4:29:22 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9TF72INT\desktop.ini
4/7/2006 6:24:26 PM H 0 D:\WINDOWS\LastGood\INF\oem16.inf
4/7/2006 6:24:26 PM H 0 D:\WINDOWS\LastGood\INF\oem16.PNF
4/7/2006 6:24:50 PM H 0 D:\WINDOWS\LastGood\INF\d3dx9_26_x86.inf
4/7/2006 6:24:50 PM H 0 D:\WINDOWS\LastGood\INF\d3dx9_26_x86.PNF
6/4/2006 4:23:06 PM H 6 D:\WINDOWS\Tasks\SA.DAT
5/15/2006 5:47:32 PM H 0 D:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\79216adf283ea5e6f8a619b3926fe0c7\BIT23D.tmp

Checking for CPL files...
Microsoft Corporation 8/23/2001 11:00:00 AM 130048 D:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 558592 D:\WINDOWS\SYSTEM32\appwiz.cpl
12/10/2005 3:06:00 AM 73728 D:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 150016 D:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 D:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 119808 D:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 187904 D:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 559616 D:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 35840 D:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 256000 D:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 36864 D:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 36864 D:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 109056 D:\WINDOWS\SYSTEM32\powercfg.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 D:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 270848 D:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 28160 D:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 90112 D:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 D:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 4:30:00 PM 66048 D:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/17/2001 10:37:02 PM 48128 D:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/29/2002 3:41:00 AM 208896 D:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 36864 D:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 36864 D:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 558592 D:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/23/2001 4:30:00 PM 66048 D:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/23/2001 4:30:00 PM 130048 D:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 D:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 150016 D:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 119808 D:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 187904 D:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 559616 D:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 35840 D:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 256000 D:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/29/2002 3:41:00 AM 208896 D:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 109056 D:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 147456 D:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 270848 D:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 28160 D:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 90112 D:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
10/29/2004 7:15:48 PM HS 84 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
11/19/2004 8:51:52 PM 1634 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/29/2004 7:07:48 PM HS 62 D:\Documents and Settings\All Users\Application Data\desktop.ini
5/15/2006 2:33:50 PM H 20 D:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
1/30/2006 6:02:56 PM 1751 D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
10/29/2004 7:15:48 PM HS 84 D:\Documents and Settings\NIKHIL\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
10/29/2004 7:07:48 PM HS 62 D:\Documents and Settings\NIKHIL\Application Data\desktop.ini
6/4/2006 6:47:14 PM 26904 D:\Documents and Settings\NIKHIL\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = D:\Program Files\Grisoft\AVG7\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = D:\Program Files\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = E:\NIKHIL\PROGRAMS\WINZIP\WINZIP~1.0\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= D:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = D:\Program Files\Grisoft\AVG7\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = E:\NIKHIL\PROGRAMS\WINZIP\WINZIP~1.0\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= D:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = D:\Program Files\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = E:\NIKHIL\PROGRAMS\WINZIP\WINZIP~1.0\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
PCTools Site Guard = D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}
PCTools Browser Monitor = D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : D:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
ButtonText = Spyware Doctor :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
ButtonText = ICQ Lite : D:\Program Files\ICQLite\ICQLite.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{7435856C-6CA1-45CF-A00D-82178387F223} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : blank

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
nwiz nwiz.exe /install
EPSON Stylus C41 Series D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
NvMediaCenter RunDLL32.exe NvMCTray.dll,NvTaskbarInit
NvCplDaemon RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
RegistryMechanic
NeroFilterCheck D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
AVG7_CC D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
SpySweeper "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
MaxRecentDocs 6
NoFolderOptions 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableCMD 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} =
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = D:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/4/2006 8:13:41 PM
**********************************************************************
Senior Member
4. June 2006 @ 07:40
Ok, how is the computer now?

Your logs look clean, please let me know if that b47f7282.exe keeps coming back...

You should update SpySweeper's and AVG's signatures and run scan with both of them, clean if they find anything...

Now you should update your Windows and Internet Explorer by visiting Windows Update -> http://windowsupdate.microsoft.com

-> Install Service Pack 2
-> Reboot
-> Go back to the Windows Update and install all remaining important updates

Then you have outdated Java, you should update it too:
1. Click "Start"-> "Control panel" -> Double-click Java icon (coffee cup)
2. Move to "Update" tab and update Java by clicking "Update Now". After that do a restart.
3. If you can't make automatic update, get new version manually from here -> http://java.sun.com/j2se/1.5.0/download.jsp
4. After updating, uninstall the old Java if found from Add/Remove Programs, named as J2SE Runtime Environment 5.0 Update 6

Here are some tips on how to stay clean.

-> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

-> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

-> Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.

-> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.

-> Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.

-> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed to your computer.

-> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.

-> Change your browser to Firefox -> http://www.mozilla.org
Firefox is a faster, safer and quicker browser than Internet Explorer.

-> Keep your system up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.

-> Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

-> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
So how did I get infected in the first place?

Stay clean ;)





This message has been edited since posting. Last time this message was edited on 4. June 2006 @ 07:43

EMIN3M
Suspended due to non-functional email address
5. June 2006 @ 01:42
okay JaPK..thanx a lot...my comp's clean now (i suppose)..by the way should i remove the following folders -
C:\Bases
C:\Downloads
C:\Kaspersky

And should i delete the file - "Removal.bat" on my desktop?
Thanks.

This message has been edited since posting. Last time this message was edited on 5. June 2006 @ 01:45

EMIN3M
Suspended due to non-functional email address
5. June 2006 @ 02:37
Hey JaPK..thanx a lot..my comp's clean now :)!
Should I delete the following -
C:\Kaspersky
C:\bases
C:\Downloads
"Removal.bat" in the desktop?
Thanks.
Senior Member
5. June 2006 @ 10:54
You're welcome :)

And yes, you can delete those folders now.

EMIN3M
Suspended due to non-functional email address
5. June 2006 @ 23:35
By the way... I've got a huge list of "Windows XP Hotfix" named programs on my "Add/Remove Programs" list. Should I remove those?
Senior Member
6. June 2006 @ 06:47
NO don't remove them, those are the updates that you've installed to your computer. They are very important and you should keep those.

EMIN3M
Suspended due to non-functional email address
7. June 2006 @ 03:38
Okay.. this is the HijackThis log once more... please check it for any problems -
Logfile of HijackThis v1.99.1
Scan saved at 5:01:54 PM, on 6/7/2006

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\WINDOWS\system32\clipsrv.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\System32\msiexec.exe
D:\WINDOWS\System32\RunDLL32.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Hijack This\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
Senior Member
7. June 2006 @ 07:06
Ok your log looks clean, have you updated your Java?

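The checks applied by eye to the HijackThis logs in this thread (the Winlogon Shell and UserInit values in F2, the startup entries in O4, the DNS servers in O17), written out as an added example that is not part of any post. The function names and the rule that an 8-hex-digit file name is worth a second look are assumptions made for illustration.

```python
import ipaddress
import re
from ntpath import basename

# Sample input. The F2, O17 and AVG7_CC lines are quoted from the HijackThis
# logs posted in this thread; the O4 line for b47f7282.exe is constructed,
# because the thread names that startup entry but never shows its log line.
SAMPLE_LOG = r'''
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe "D:\WINDOWS\eksplorasi.exe"
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [b47f7282] D:\WINDOWS\system32\b47f7282.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{52BCFA7C-1656-4A65-8D04-2B9D6EE4EADD}: NameServer = 218.248.255.145 61.1.96.71
'''

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
F2_RE = re.compile(r"REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)
O4_RE = re.compile(r"\[([^\]]*)\]\s*(.*)$")
EXE_RE = re.compile(r'([^\\"\s]+\.exe)', re.I)


def parse_entries(log_text):
    """Yield (section_code, body) for each 'XN - ...' line of a HijackThis log."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def check_winlogon(body):
    """F2: Shell should be explorer.exe alone; UserInit should only name userinit.exe."""
    match = F2_RE.match(body)
    if not match:
        return None
    key, value = match.group(1).lower(), match.group(2).strip()
    if key == "shell":
        if value.lower() != "explorer.exe":
            return f"Shell starts more than explorer.exe: {value}"
        return None
    items = [item.strip().strip('"') for item in value.split(",") if item.strip()]
    extra = [item for item in items if basename(item).lower() != "userinit.exe"]
    if extra:
        return f"UserInit starts extra programs: {', '.join(extra)}"
    return None


def check_run_entry(body):
    """O4: flag a startup program whose file name is 8 hex digits (heuristic, an assumption)."""
    match = O4_RE.search(body)
    if not match:
        return None
    exe = EXE_RE.search(match.group(2))
    if exe and re.fullmatch(r"[0-9a-f]{8}", exe.group(1)[:-4], re.I):
        return f"Run entry [{match.group(1)}] starts a hex-named file: {match.group(2)}"
    return None


def nameservers(body):
    """O17: return the valid IP addresses listed after 'NameServer ='."""
    match = re.search(r"NameServer = (.*)$", body)
    if not match:
        return []
    found = []
    for token in re.split(r"[\s,]+", match.group(1).strip()):
        try:
            found.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # not an IP address (empty token or a domain suffix)
    return found


def triage(log_text):
    """Return (section_code, message) findings that need a human decision."""
    findings, dns = [], []
    for code, body in parse_entries(log_text):
        if code == "F2":
            message = check_winlogon(body)
        elif code == "O4":
            message = check_run_entry(body)
        else:
            message = None
            if code == "O17":
                # The same servers appear once per control set; list each once.
                dns.extend(ip for ip in nameservers(body) if ip not in dns)
        if message:
            findings.append((code, message))
    findings.extend(
        ("O17", f"{ip} is configured as a DNS server; confirm it belongs to the ISP")
        for ip in dns
    )
    return findings


if __name__ == "__main__":
    for code, message in triage(SAMPLE_LOG):
        print(f"{code}: {message}")
```

An O17 finding is a prompt to check ownership of the address, as the whois lookup in the thread does, not a verdict that the entry is malicious.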
EMIN3M
Suspended due to non-functional email address
8. June 2006 @ 02:22
Yeah...i tried to update it...but while installing it from the internet it just hangs and the progress bar does not move at all. What to do?

This message has been edited since posting. Last time this message was edited on 8. June 2006 @ 02:58

Senior Member
8. June 2006 @ 06:41
Try to download and install it from here -> http://www.java.com/en/download/manual.jsp


This message has been edited since posting. Last time this message was edited on 8. June 2006 @ 06:42

 