please help with a lot of viruses & spyware...
coqui3l
Junior Member
10. December 2008 @ 20:03
Someone please help by reviewing the following logs and notes and providing fixes.

I've run, in the following order: Malwarebytes, SUPERAntiSpyware, VundoFix 7.0.6 (no infections reported), CCleaner (programs & registry cleaned), Trend Micro's HouseCall 6.5, AVG Pro, Windows Defender, and ended with HijackThis.


*********************************
*********************************
*********************************

Malwarebytes' Anti-Malware 1.31
Database version: 1479
Windows 5.1.2600 Service Pack 3

12/10/2008 3:48:35 AM
mbam-log-2008-12-10 (03-48-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138579
Time elapsed: 1 hour(s), 6 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 48
Registry Values Infected: 8
Registry Data Items Infected: 20
Folders Infected: 8
Files Infected: 67

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ljJBTmJb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\glsgpo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUkigGW.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9eab4780-4cb4-4c30-b5d8-9995460027cc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9eab4780-4cb4-4c30-b5d8-9995460027cc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4f175ab-ac77-4138-bc1b-60aa51e0dd00} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b4f175ab-ac77-4138-bc1b-60aa51e0dd00} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d28cfe58-12a1-4bd1-8af8-a4a6e7389857} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtukiggw (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d28cfe58-12a1-4bd1-8af8-a4a6e7389857} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wav6com.avofficeprotect (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wav6com.avofficeprotect.1 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{EE8A3F7B-E4AB-5C41-4926-3FAED82759F5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{030a0f33-5b99-482e-83f5-2eeb8457878b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{096cba44-4a4c-49f7-8903-1e75550abcb7} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9eab4780-4cb4-4c30-b5d8-9995460027cc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d28cfe58-12a1-4bd1-8af8-a4a6e7389857} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4f175ab-ac77-4138-bc1b-60aa51e0dd00} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ViRsLab (Rogue.AVLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\virslabwarning.warningbho (Rogue.AVLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\virslabwarning.warningbho.1 (Rogue.AVLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virustriggerbin (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UAV (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\WinPGI.DLL (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fopn (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b394226-862f-4aa4-aa53-988e24f50841} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b394226-862f-4aa4-aa53-988e24f50841} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\virustriggerbin (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d28cfe58-12a1-4bd1-8af8-a4a6e7389857} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\QuickTime Task (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjbtmjb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdklp.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjbtmjb -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ab16946-28db-48c6-a787-e6bdda9d26a6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.203,85.255.112.227 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9ab16946-28db-48c6-a787-e6bdda9d26a6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.203,85.255.112.227 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9ab16946-28db-48c6-a787-e6bdda9d26a6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.203,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9ab16946-28db-48c6-a787-e6bdda9d26a6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.203,85.255.112.227 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ViRsLab (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
C:\Program Files\VirusTriggerBin (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\UAV (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\675873 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\glsgpo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ljJBTmJb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bJmTBJjl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bJmTBJjl.ini2 (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUkigGW.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hfsqdgcr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rcgdqsfh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hkfyakqr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqkayfkh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvapqabk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbaqpavk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwbxqerq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qreqxbwp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rylsesjn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\njseslyr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thpmvrmi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imrvmpht.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ysbykkgs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sgkkybsy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdklp.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\675873\675873.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\Local Settings\Temp\xrg3.exe (Zlob.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\Local Settings\Temporary Internet Files\Content.IE5\9CCJ373D\index[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\Local Settings\Temporary Internet Files\Content.IE5\AR6F7HXB\zc113432[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\Local Settings\Temporary Internet Files\Content.IE5\KPXSQNA4\kb435[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\ViRsLab\ViRsLab.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\UAV\UAV.cpl (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tujidf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jktnsatg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nrcksgeu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svuvoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cppvgjbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXNfGXP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\srhatuql.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xatygg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aycpjovl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rkbrewtx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xwnfxr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zaiszv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\512686\512686.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\UAV\uav.ooo (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\UAV\UAV1.dat (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\UAV\Uninstall.exe (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\algg.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-12B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-145.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-2E5.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-4C7.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-5B7.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-ADB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-BAF.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

*********************************
*********************************
*********************************

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/10/2008 at 05:53 AM

Application Version : 4.23.1006

Core Rules Database Version : 3661
Trace Rules Database Version: 1641

Scan type : Complete Scan
Total Scan Time : 00:46:44

Memory items scanned : 364
Memory threats detected : 0
Registry items scanned : 5752
Registry threats detected : 178
File items scanned : 23970
File threats detected : 261

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}#AppID
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\InprocServer32
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\InprocServer32#ThreadingModel
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\ProgID
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\Programmable
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\TypeLib
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\VersionIndependentProgID
HKCR\MPAgent.Agent.1
HKCR\MPAgent.Agent.1\CLSID
HKCR\MPAgent.Agent
HKCR\MPAgent.Agent\CLSID
HKCR\MPAgent.Agent\CurVer
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\0
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\0\win32
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\FLAGS
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\HELPDIR
C:\WINDOWS\SYSTEM32\AGENT.DLL
HKCR\Interface\{9A395C6C-E42E-4777-B8EF-FDDEB705F3FB}
HKCR\Interface\{9A395C6C-E42E-4777-B8EF-FDDEB705F3FB}\ProxyStubClsid
HKCR\Interface\{9A395C6C-E42E-4777-B8EF-FDDEB705F3FB}\ProxyStubClsid32
HKCR\Interface\{9A395C6C-E42E-4777-B8EF-FDDEB705F3FB}\TypeLib
HKCR\Interface\{9A395C6C-E42E-4777-B8EF-FDDEB705F3FB}\TypeLib#Version

Adware.Vundo/Variant-Greek
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8e9d480-7afe-46a6-8842-8e28c2780b8a}
HKCR\CLSID\{C8E9D480-7AFE-46A6-8842-8E28C2780B8A}
HKCR\CLSID\{C8E9D480-7AFE-46A6-8842-8E28C2780B8A}\InprocServer32
HKCR\CLSID\{C8E9D480-7AFE-46A6-8842-8E28C2780B8A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\YSUFAS.DLL
HKU\S-1-5-21-3790069800-1861481508-2378180336-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C8E9D480-7AFE-46A6-8842-8E28C2780B8A}
C:\WINDOWS\SYSTEM32\ABDLBOWJ.DLL
C:\WINDOWS\SYSTEM32\ACOKESVW.DLL
C:\WINDOWS\SYSTEM32\BBCTENST.DLL
C:\WINDOWS\SYSTEM32\CTHMWSCB.DLL
C:\WINDOWS\SYSTEM32\EGLVOE.DLL
C:\WINDOWS\SYSTEM32\EYDFAZ.DLL
C:\WINDOWS\SYSTEM32\HAYROHHG.DLL
C:\WINDOWS\SYSTEM32\HEPHRHFN.DLL
C:\WINDOWS\SYSTEM32\IHCLIRET.DLL
C:\WINDOWS\SYSTEM32\IMZBFS.DLL
C:\WINDOWS\SYSTEM32\JMJIVM.DLL
C:\WINDOWS\SYSTEM32\JUUBMC.DLL
C:\WINDOWS\SYSTEM32\KOKSMYDF.DLL
C:\WINDOWS\SYSTEM32\LCQVQBGA.DLL
C:\WINDOWS\SYSTEM32\MDKSTF.DLL
C:\WINDOWS\SYSTEM32\NEGVLXQW.DLL
C:\WINDOWS\SYSTEM32\PAHOHFJQ.DLL
C:\WINDOWS\SYSTEM32\SWOBJN.DLL
C:\WINDOWS\SYSTEM32\UDZBHF.DLL
C:\WINDOWS\SYSTEM32\WNLQXF.DLL

Trojan.Media-Codec
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF}
HKU\S-1-5-21-3790069800-1861481508-2378180336-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0}
HKU\S-1-5-21-3790069800-1861481508-2378180336-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF}
HKCR\CodecsSoftwarePackage.chl
HKCR\CodecsSoftwarePackage.chl\CLSID
C:\Program Files\QualityCodec\uninst.exe
C:\Program Files\QualityCodec

Rogue.VirusResponseLab2009
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B394226-862F-4AA4-AA53-988E24F50841}
HKU\S-1-5-21-3790069800-1861481508-2378180336-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B394226-862F-4AA4-AA53-988E24F50841}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B394226-862F-4AA4-AA53-988E24F50841}

Rootkit.NDisProt/Fake
HKLM\System\ControlSet001\Services\Ndisprot
C:\WINDOWS\SYSTEM32\DRIVERS\NDISPROT.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_Ndisprot
HKLM\System\ControlSet002\Services\Ndisprot
HKLM\System\ControlSet002\Enum\Root\LEGACY_Ndisprot
HKLM\System\CurrentControlSet\Services\Ndisprot
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_Ndisprot

Adware.Tracking Cookie
C:\Documents and Settings\Kate\Cookies\kate@doubleclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[2].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[1].txt
.nextag.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.bizrate.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ehg-techtarget.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt

]
.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
statse.webtrendslive.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.statse.webtrendslive.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.paypal.112.2o7.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
www.supermediastore.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.server.iad.liveperson.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt

]
.supermediastore.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
stats1.clicktracks.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
stats1.clicktracks.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
stats1.clicktracks.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
stats1.clicktracks.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.crossmediaservices.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.stats.crossmediaservices.com [ C:\Documents and Settings\Shamba\Application

Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ehg-verizon.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ehg-verizon.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ehg-verizon.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ehg-verizon.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.householdaccount.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.metacafe.122.2o7.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
counter.hitslink.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.nba.112.2o7.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.media-bucket.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ehg-myspaceinc.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt

]
.ehg-myspaceinc.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt

]
.windowsmedia.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ehg-equifax.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
citi.bridgetrack.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
citi.bridgetrack.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ehg-tigerdirect2.hitbox.com [ C:\Documents and Settings\Shamba\Application

Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ehg-sharpelectronic.hitbox.com [ C:\Documents and Settings\Shamba\Application

Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.thefind.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.thefind.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.thefind.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
img.thefind.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
silo.thefind.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.marketlive.122.2o7.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.vidego.multicastmedia.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt

]
.vidego.multicastmedia.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt

]
sales.liveperson.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.10click.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.10click.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.10click.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.ehg-lgusa.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
.dynamicsitestats.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ]
C:\Documents and Settings\Shamba\Cookies\shamba@mediaplex[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@tracker.tbkresources[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@2o7[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@realmedia[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@hg1.hitbox[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@questionmarket[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@anad.tacoda[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@anat.tacoda[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@specificclick[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@tacoda[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@hitbox[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@casalemedia[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@ad.yieldmanager[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@ads.jpgmag[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@fastclick[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@revsci[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@clicksor[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@kontera[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@adlegend[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@ads.adbrite[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@easyadservice[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@trafficmp[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@msnportal.112.2o7[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@revenue[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@test.coremetrics[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@citi.bridgetrack[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@adserver.sassybella[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@ads.pointroll[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@brightcove.112.2o7[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@media.adrevolver[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@tribalfusion[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@media.adrevolver[3].txt
C:\Documents and Settings\Shamba\Cookies\shamba@www.googleadservices[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@www.burstnet[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@iacas.adbureau[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@serving-sys[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@adbrite[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@ehg-providianbankcorpservices.hitbox[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@precisionclick[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@adrevolver[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@atdmt[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@burstnet[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@collective-media[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@zedo[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@adopt.euroclick[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@jkearn.freestats[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@3.adbrite[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@4.adbrite[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@adopt.specificclick[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@ads.revsci[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@advertising[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@apmebf[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@atwola[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@bs.serving-sys[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@doubleclick[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@data.coremetrics[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@ehg-verizon.hitbox[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@imrworldwide[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@insightexpressai[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@media6degrees[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@porn.iwantanewgirlfriend[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@server.iad.liveperson[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@server.iad.liveperson[3].txt
C:\Documents and Settings\Shamba\Cookies\shamba@sexreactor[2].txt
C:\Documents and Settings\Shamba\Cookies\shamba@statcounter[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@statse.webtrendslive[1].txt
C:\Documents and Settings\Shamba\Cookies\shamba@winantivirus[1].txt

Adware.MovieLand/MediaPipe

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007

Malware.VirusBurst

Adware.Vundo Variant/Rel

Rogue.Component/Trace
HKLM\Software\Microsoft\54D77472
HKLM\Software\Microsoft\54D77472#54d77472
HKLM\Software\Microsoft\54D77472#Version
HKLM\Software\Microsoft\54D77472#54d7d9f2
HKLM\Software\Microsoft\54D77472#54d7b017

Malware.SpywareQuake
C:\DOCUMENTS AND SETTINGS\KATE\LOCAL SETTINGS\TEMP\~NSU.TMP\AU_.EXE

*********************************
*********************************
*********************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:40 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Kate\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdklp.exe] C:\WINDOWS\system32\kdklp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Free Internet Eraser] C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1140273995820
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BU..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BU..._2/axofupld.cab
O20 - AppInit_DLLs: ysufas.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5863 bytes

**********************************************
**********************************************
**********************************************

VundoFix reported that no infections were found.

**********************************************
**********************************************
**********************************************

TrendMicro's Housecall 6.5 found the following items:

1. Detected MalWare: Mal_Otorun2 (1 infections)
2. Detected MalWare: TROJ_WIMAD.AZ (1 infections)
3. Detected Grayware/Spyware: ADWARE_WEIRDONTHEWEB (3 Infections)
4. Detected Grayware/Spyware: ADWARE_SOFTOMATE (1 Infections)

Housecall was unable to remove 1. and one of the grayware/spywares (pdf creator failed to capture this section).

**********************************************
**********************************************
**********************************************

AVG Pro Whole Computer Scan
---------------------------
"Scan ""Scan whole computer"" was finished."
"Infections found:";"0"
"Infected objects removed or healed:";"0"
"Not removed or healed:";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"35"
"Information count:";"0"
"Scan started:";"Wednesday, December 10, 2008, 9:14:43 AM"
"Scan finished:";"Wednesday, December 10, 2008, 11:25:36 AM (2 hour(s) 10 minute(s) 52 second(s))"
"Total object scanned:";"716552"
"User who launched the scan:";"Kate"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Kate\Cookies\kate@2o7[2].txt";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@2o7[2].txt:\2o7.net.2e368e64";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@ad.yieldmanager[1].txt";"Found Tracking cookie.Yieldmanager";"Deleted"
"C:\Documents and Settings\Kate\Cookies\kate@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Deleted"
"C:\Documents and Settings\Kate\Cookies\kate@ad.yieldmanager[1].txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Deleted"
"C:\Documents and Settings\Kate\Cookies\kate@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Deleted"
"C:\Documents and Settings\Kate\Cookies\kate@ad.yieldmanager[1].txt:\ad.yieldmanager.com.e762f029";"Found Tracking cookie.Yieldmanager";"Deleted"
"C:\Documents and Settings\Kate\Cookies\kate@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Deleted"
"C:\Documents and Settings\Kate\Cookies\kate@adbrite[2].txt";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@adbrite[2].txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@adbrite[2].txt:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@adbrite[2].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@adbrite[2].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@revsci[2].txt";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@revsci[2].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@revsci[2].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@revsci[2].txt:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@revsci[2].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@statse.webtrendslive[1].txt";"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@statse.webtrendslive[1].txt:\statse.webtrendslive.com.b4ca7df0";"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@trafficmp[1].txt";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@trafficmp[1].txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@trafficmp[1].txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@trafficmp[1].txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@trafficmp[1].txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@trafficmp[1].txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt";"Found Tracking cookie.Webtrends";"Healed"
"C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt:\m.webtrends.com.b4ca7df0";"Found Tracking cookie.Webtrends";"Moved to Virus Vault"
"C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt:\searchportal.information.com.3a8d7204";"Found Tracking cookie.Information";"Moved to Virus Vault"
"C:\Documents and Settings\Shamba\Cookies\shamba@searchportal.information[1].txt";"Found Tracking cookie.Information";"Moved to Virus Vault"
"C:\Documents and Settings\Shamba\Cookies\shamba@searchportal.information[1].txt:\searchportal.information.com.3a8d7204";"Found Tracking cookie.Information";"Moved to Virus Vault"
"C:\Documents and Settings\Shamba\Cookies\shamba@searchportal.information[1].txt:\searchportal.information.com.44e78b2";"Found Tracking cookie.Information";"Moved to Virus Vault"
"C:\Documents and Settings\Shamba\Cookies\shamba@searchportal.information[1].txt:\searchportal.information.com.7bef4b04";"Found Tracking cookie.Information";"Moved to Virus Vault"

"Rootkits"
"File";"Infection";"Result"
"c:\Documents and Settings\Shamba\My Documents\My Music\jay-z\cant knock the....\jay-z - Clean.mp3";"Hidden file";"Reboot is required to finish the action"

**********************************************
**********************************************
**********************************************

Windows Defender
Full System Scan
No unwanted or harmful software detected.

**********************************************
**********************************************
**********************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:40 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kate\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Internet Eraser] C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1140273995820
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/downloads/BU..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/downloads/BU..._2/axofupld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/j...5fb12aadb8/&filename=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ysufas.dll,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7379 bytes

**********************************************
**********************************************
**********************************************
coqui3l
Junior Member
11. December 2008 @ 07:42
Mod, please remove this post. I kept trying to post a thread but kept getting an error message indicating that there was an error with the post most likely due to a bad internet connection. So I kept trying and checking the forum to see if perhaps the post went through despite the error message. Later, I finally saw my post but 4 more identical ones. I spent about an hour trying to figure out how to delete a post or some other way to edit the posts but by then I was so tired I'd need that contraption in ClockWork Orange to keep my eyes open. Sorry.