Hijack this log [CLOSED] [RESOLVED]


  • This topic is locked

#1
FallenAngel

  • Member
  • 39 posts
I keep having a problem with popups saying they're from Web Nexus, and I'm supposed to click on this link to get more info or delete it... but before I'd do that I thought it would be better to ask here. I'm using Firefox, Windows XP Professional, and that's about all I know. Thanks for any help!!!

Logfile of HijackThis v1.99.1
Scan saved at 2:40:13 PM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\poqaoq.exe
C:\WINDOWS\System32\d?dplay.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\htse\rrtc.exe
C:\WINDOWS\system32\Isp119.exe
C:\WINDOWS\system32\Isp119.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fallen_Angel\My Documents\download\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.i--search.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {04AB1FF3-8465-AB9E-4F41-DE38723991C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15AB3126-B445-50E5-8277-62550EA52A1C} - (no file)
O2 - BHO: (no name) - {38478ADD-414C-3BE3-6D21-4D31C2C9FFC9} - C:\WINDOWS\system32\svnif.dll
O2 - BHO: (no name) - {45FE6735-FAFE-F325-83EE-F00A7209F09F} - (no file)
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg_5957.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {70D35735-D7CD-C611-AEDE-C0274239DDAF} - (no file)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - (no file)
O2 - BHO: CEngine Object - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\ieredir.dll
O2 - BHO: (no name) - {EFF80427-F837-4B74-8834-BAF18E0553FD} - (no file)
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinSP] REGEDIT.EXE -s c:/ireg.reg
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_5957.dll"
O4 - HKLM\..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [4E3XSKP25WA63H] C:\WINDOWS\system32\RhqYr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\poqaoq.exe reg_run
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_5957.dll"
O4 - HKCU\..\Run: [Zoetnn] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [KwsERXZ2W] vbstime.exe
O4 - HKCU\..\Run: [Hbas] C:\Documents and Settings\Fallen_Angel\Application Data\locr.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Ribra] C:\WINDOWS\system32\?ti2evxx.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Rbrp] C:\Program Files\htse\rrtc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O18 - Protocol hijack: mhtml -
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#2
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.


Let's see what we can get done with some general scans first.

Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop. Double-click it.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.



==========



Please run at least two of these online scans.
Make sure they are set to clean automatically.

Panda Virus Scan

Bit Defender

TrendMicro Housecall

There will be files that these scans will not remove. Please include that information in your next post.



==========



Reboot and post a new hijackthis log, ewido log, and the info from your virus scans.

#3
FallenAngel

  • Topic Starter
  • Member
  • 39 posts
Hi Sam and thank you for helping me!!

I ran the Ewido Security Suite, then went to run the other things you had said to run... but it says I need to use Internet Explorer to run these, and I don't use IE... I moved it from the desktop because I don't use it, I use Mozilla Firefox (I get very few pop ups with Firefox as opposed to 15 just when starting up the computer with IE). I also have Norton Anti-virus, and Spyware Doctor on the computer. Should I find IE and use it instead of Firefox, or would you recommend something else??

Thank you again for your help!

#4
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
I commend your decision to keep IE on the shelf and use Firefox.
You can run this online scan using Firefox.

http://www.trendmicr....com/housecall/

#5
FallenAngel

  • Topic Starter
  • Member
  • 39 posts
Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:26:43 PM, on 7/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\poqaoq.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\?ti2evxx.exe
C:\Program Files\htse\rrtc.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\MDM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Fallen_Angel\My Documents\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.i--search.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {04AB1FF3-8465-AB9E-4F41-DE38723991C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15AB3126-B445-50E5-8277-62550EA52A1C} - (no file)
O2 - BHO: (no name) - {38478ADD-414C-3BE3-6D21-4D31C2C9FFC9} - C:\WINDOWS\system32\svnif.dll
O2 - BHO: (no name) - {45FE6735-FAFE-F325-83EE-F00A7209F09F} - (no file)
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg_5957.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {70D35735-D7CD-C611-AEDE-C0274239DDAF} - (no file)
O2 - BHO: CEngine Object - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\ieredir.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinSP] REGEDIT.EXE -s c:/ireg.reg
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_5957.dll"
O4 - HKLM\..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [4E3XSKP25WA63H] C:\WINDOWS\system32\WhoUP8s0.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\poqaoq.exe reg_run
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_5957.dll"
O4 - HKCU\..\Run: [Zoetnn] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [KwsERXZ2W] vbstime.exe
O4 - HKCU\..\Run: [Hbas] C:\Documents and Settings\Fallen_Angel\Application Data\locr.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Ribra] C:\WINDOWS\system32\?ti2evxx.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Rbrp] C:\Program Files\htse\rrtc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O18 - Protocol hijack: mhtml -
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Ewido Suite:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:50:12 PM, 7/21/2005
+ Report-Checksum: BD892BCC

+ Scan result:

:mozilla.66:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Fallen_Angel\Shared\Absolute MahJong 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup


::Report End

#6
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's clean up your log a bit.

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: (no name) - {04AB1FF3-8465-AB9E-4F41-DE38723991C8} - (no file)
O2 - BHO: (no name) - {15AB3126-B445-50E5-8277-62550EA52A1C} - (no file)
O2 - BHO: (no name) - {38478ADD-414C-3BE3-6D21-4D31C2C9FFC9} - C:\WINDOWS\system32\svnif.dll
O2 - BHO: (no name) - {45FE6735-FAFE-F325-83EE-F00A7209F09F} - (no file)
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg_5957.dll
O2 - BHO: (no name) - {70D35735-D7CD-C611-AEDE-C0274239DDAF} - (no file)
O2 - BHO: CEngine Object - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\ieredir.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [WinSP] REGEDIT.EXE -s c:/ireg.reg
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_5957.dll"
O4 - HKLM\..\Run: [4E3XSKP25WA63H] C:\WINDOWS\system32\WhoUP8s0.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\poqaoq.exe reg_run
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_5957.dll"
O4 - HKCU\..\Run: [Zoetnn] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [KwsERXZ2W] vbstime.exe
O4 - HKCU\..\Run: [Hbas] C:\Documents and Settings\Fallen_Angel\Application Data\locr.exe
O4 - HKCU\..\Run: [Ribra] C:\WINDOWS\system32\?ti2evxx.exe
O4 - HKCU\..\Run: [Rbrp] C:\Program Files\htse\rrtc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O18 - Protocol hijack: mhtml -



Delete these files/folders, if found.

c:/ireg.reg
C:\WINDOWS\system32\svnif.dll
C:\WINDOWS\System32\sfg_5957.dll
C:\WINDOWS\System32\ieredir.dll
C:\WINDOWS\system32\WhoUP8s0.exe
C:\WINDOWS\system32\poqaoq.exe
C:\WINDOWS\System32\d?dplay.exe
C:\WINDOWS\system32\?ti2evxx.exe
C:\Documents and Settings\Fallen_Angel\Application Data\locr.exe
C:\Program Files\htse
C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition
vbstime.exe <-- search for this file



Reboot and post a new hijackthis log.

#7
Buckeye_Sam

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#8
FallenAngel

Thank you!! Here's the newest hijack this log after I did what you had said to do on the last post. Mom's doing better, things are still frustrating though lol

Logfile of HijackThis v1.99.1
Scan saved at 10:44:00 AM, on 9/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Fallen_Angel\My Documents\download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Fonts\olekey.dll
O2 - BHO: (no name) - {B405099E-CF00-E8A4-7722-C809811420C1} - C:\WINDOWS\system32\rqg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\ieredir.dll (file missing)
O2 - BHO: (no name) - {D706EB05-7ECF-0638-BE2D-7D22831C18C2} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: olekey - C:\WINDOWS\Fonts\olekey.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#9
FallenAngel

Oh still getting the pop-ups from the Web Nexus network... with the thing at the bottom that says "click here for more info or to uninstall" ... for which you have to download something to uninstall it?

For some reason, I don't trust a thing from a pop-up saying to install something to uninstall the thing providing the pop-ups...

#10
Buckeye_Sam

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning and a list of forums to seek help at.
    It should look like this:

    VundoFix V2.1 by Atri
    By pressing enter you agree that you are using this at your own risk
    Please seek assistance at one of the following forums:
    http://www.atribune.org/forums
    http://www.247fixes.com/forums
    http://www.geekstogo.com/forum
    http://forums.net-integration.net

  • At this point press enter one time.
  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):

    C:\WINDOWS\Fonts\olekey.dll

  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):

    C:\WINDOWS\Fonts\yekelo.*
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:


    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Fonts\olekey.dll
    O20 - Winlogon Notify: olekey - C:\WINDOWS\Fonts\olekey.dll

  • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
  • Once your machine reboots, please continue with the instructions below.

Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

#11
FallenAngel

I couldn't run ActiveScan because I'm using Firefox, I remembered you posting to use Trend Micro, so I ran that (hope that's ok!)

It found this one file and wouldn't let me clean it because I needed a ticket number?

TROJ_QOOLOGIC.Q (1) in the file C:\WINDOWS\system32\wvgbv.dat

Here's the hijack this log from safe mode:

Logfile of HijackThis v1.99.1
Scan saved at 11:39:24 PM, on 9/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Fallen_Angel\My Documents\download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Fonts\olekey.dll (file missing)
O2 - BHO: (no name) - {B405099E-CF00-E8A4-7722-C809811420C1} - C:\WINDOWS\system32\rqg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: (no name) - {D706EB05-7ECF-0638-BE2D-7D22831C18C2} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: rtup.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: olekey - C:\WINDOWS\Fonts\olekey.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

----------------------------------------------------

and here's the vundofix.txt file:


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Suspending PID 152 'smss.exe'
Threads [156][160][164]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of explorer.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 224 'winlogon.exe'
File Deleted sucessfully.
Files Deleted sucessfully.

#12
Buckeye_Sam

That took care of Vundo. Now let's work on the rest of it.

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Fonts\olekey.dll (file missing)
O2 - BHO: (no name) - {B405099E-CF00-E8A4-7722-C809811420C1} - C:\WINDOWS\system32\rqg.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: (no name) - {D706EB05-7ECF-0638-BE2D-7D22831C18C2} - (no file)
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O20 - Winlogon Notify: olekey - C:\WINDOWS\Fonts\olekey.dll (file missing)




Now we need to find some hidden malware files.

Please download WinPFind

Extract WinPFind.zip to your c:\ folder.


Reboot your computer into Safe Mode
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* if you have trouble getting into Safe mode go here for more info.


===========


Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
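
Checking a fix list like the one in the post above against a later log can be done mechanically. The following Python is an added example, not part of the original post and not part of HijackThis: it parses HijackThis-style entry lines, reports which fix-list entries still appear in a later log, and lists entries marked `(no file)` or `(file missing)`. The function names are hypothetical, and the "later log" is a constructed excerpt assembled from lines that appear in this thread.

```python
import re

# A HijackThis entry line is "<section> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing markers HijackThis prints when the referenced file was not found.
ORPHAN_RE = re.compile(r"\s*\((?:no file|file missing)\)\s*$")
# Sections where the CLSID identifies the entry (BHOs and toolbars).
CLSID_KEYED = {"O2", "O3"}


def parse_entry(line):
    """Return a dict for one entry line, or None for headers/process paths."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    return {
        "section": m.group("section"),
        "body": body,
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphan": ORPHAN_RE.search(body) is not None,
    }


def parse_log(text):
    """Parse every entry line in a log, skipping everything else."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def entry_key(entry):
    """Identity of an entry that survives a change of the orphan marker.

    The same BHO shows up in this thread first with a path plus
    "(file missing)" and later as "(no file)", so BHOs and toolbars
    are keyed by CLSID; other sections by the text minus the marker.
    """
    if entry["section"] in CLSID_KEYED and entry["clsid"]:
        return (entry["section"], entry["clsid"])
    return (entry["section"], ORPHAN_RE.sub("", entry["body"]).lower())


def check_fix_list(fix_text, log_text):
    """Split the fix list into entries still present in the log and gone."""
    present = {entry_key(e) for e in parse_log(log_text)}
    result = {"still_present": [], "gone": []}
    for e in parse_log(fix_text):
        bucket = "still_present" if entry_key(e) in present else "gone"
        result[bucket].append(e)
    return result


def orphaned(log_text):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in parse_log(log_text) if e["orphan"]]


# Fix list as posted above.
FIX_LIST = r"""
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Fonts\olekey.dll (file missing)
O2 - BHO: (no name) - {B405099E-CF00-E8A4-7722-C809811420C1} - C:\WINDOWS\system32\rqg.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: (no name) - {D706EB05-7ECF-0638-BE2D-7D22831C18C2} - (no file)
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O20 - Winlogon Notify: olekey - C:\WINDOWS\Fonts\olekey.dll (file missing)
"""

# Constructed "later log" excerpt (sample input, not a log from the thread).
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\ieredir.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O20 - Winlogon Notify: olekey - C:\WINDOWS\Fonts\olekey.dll (file missing)
"""

if __name__ == "__main__":
    report = check_fix_list(FIX_LIST, LATER_LOG)
    for bucket, entries in report.items():
        print(bucket)
        for e in entries:
            print("   ", e["section"], "-", e["body"])
    print("orphaned entries in later log:")
    for e in orphaned(LATER_LOG):
        print("   ", e["section"], "-", e["body"])
```

An entry reported as gone only means the registry reference no longer appears in the log; the file it pointed to may still be on disk and needs a separate check.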

#13
FallenAngel

When I ran hijack this, there was one file you told me to check off to fix that did not show up for some reason... it was:

O2 - BHO: (no name) - {B405099E-CF00-E8A4-7722-C809811420C1} - C:\WINDOWS\system32\rqg.dll

------------------------------------------------------------
WinPFind.txt file:
------------------------------------------------------------

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
PEC2 5/11/2005 10:14:00 PM 1587693 C:\crash.txt
PEC2 7/9/2004 2:17:16 PM 13265040 C:\dxnt.cab

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/23/2001 3:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
69.59.186.63 9/18/2005 12:50:18 PM 10240 C:\WINDOWS\SYSTEM32\ebrob.dll
209.66.67.134 9/18/2005 12:50:18 PM 10240 C:\WINDOWS\SYSTEM32\ebrob.dll
web-nex 9/18/2005 12:50:18 PM 10240 C:\WINDOWS\SYSTEM32\ebrob.dll
winsync 9/18/2005 12:50:18 PM 10240 C:\WINDOWS\SYSTEM32\ebrob.dll
69.59.186.63 9/18/2005 12:50:16 PM 46080 C:\WINDOWS\SYSTEM32\fgfkgfg.dll
209.66.67.134 9/18/2005 12:50:16 PM 46080 C:\WINDOWS\SYSTEM32\fgfkgfg.dll
web-nex 9/18/2005 12:50:16 PM 46080 C:\WINDOWS\SYSTEM32\fgfkgfg.dll
winsync 9/18/2005 12:50:16 PM 46080 C:\WINDOWS\SYSTEM32\fgfkgfg.dll
PECompact2 9/8/2005 11:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 11:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
WinShutDown 5/9/1997 4:00:00 AM 64000 C:\WINDOWS\SYSTEM32\PFAUTO8.DLL
WinShutDown 5/9/1997 4:00:00 AM 68096 C:\WINDOWS\SYSTEM32\PRAUTO8.DLL
WinShutDown 5/9/1997 4:00:00 AM 68096 C:\WINDOWS\SYSTEM32\QPAUTO8.DLL
Umonitor 8/4/2004 12:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/23/2001 3:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
WinShutDown 5/9/1997 4:00:00 AM 72192 C:\WINDOWS\SYSTEM32\WPAUTO8.DLL
69.59.186.63 8/30/2005 2:48:08 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
209.66.67.134 8/30/2005 2:48:08 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.97 8/30/2005 2:48:08 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.77 8/30/2005 2:48:08 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
web-nex 8/30/2005 2:48:08 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
winsync 8/30/2005 2:48:08 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
rec2_run 8/30/2005 2:48:08 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/18/2005 1:44:12 PM S 2048 C:\WINDOWS\bootstat.dat
9/14/2005 10:06:18 PM H 54156 C:\WINDOWS\QTFont.qfn
8/29/2005 8:36:04 PM HS 26112 C:\WINDOWS\system32\ddcyv.dll
9/18/2005 1:44:04 PM H 8192 C:\WINDOWS\system32\config\default.LOG
9/18/2005 1:44:32 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
9/18/2005 1:44:14 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
9/18/2005 1:44:34 PM H 57344 C:\WINDOWS\system32\config\software.LOG
9/18/2005 1:44:18 PM H 925696 C:\WINDOWS\system32\config\system.LOG
9/14/2005 10:43:28 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
7/30/2005 12:37:12 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1b9533a3-e181-4c1c-a7ab-e1f59ac4b4db
9/18/2005 1:42:46 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/12/1999 6:11:00 AM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 2/22/2004 11:44:42 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 7:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
8/30/2005 2:48:12 PM 31744 C:\WINDOWS\SYSTEM32\vgactl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
6/6/2005 1:57:40 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
12/20/2003 1:02:30 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
5/30/2004 12:30:38 AM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
9/18/2005 12:50:16 PM 91648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtup.exe
5/30/2004 12:30:38 AM 928 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
10/20/2004 10:05:56 AM 1898 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
12/19/2003 6:43:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
5/31/2004 10:25:04 PM 188 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
12/20/2003 1:02:30 AM HS 84 C:\Documents and Settings\Fallen_Angel\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
6/6/2005 1:54:06 PM 1213 C:\Documents and Settings\Fallen_Angel\Application Data\AdobeDLM.log
12/19/2003 6:43:30 PM HS 62 C:\Documents and Settings\Fallen_Angel\Application Data\desktop.ini
6/6/2005 1:54:04 PM 0 C:\Documents and Settings\Fallen_Angel\Application Data\dm.ini
3/30/2005 12:36:50 PM 106 C:\Documents and Settings\Fallen_Angel\Application Data\tvmuknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mqstqsqq
{b23c14a8-72bf-42b5-84d1-d51635f53087} = C:\WINDOWS\system32\ebrob.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VersionsMenu
{03170921-4754-11cf-AB9A-00C0F00683EB} = E:\Corel\Suite8\Versions\CVersion.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83BD3F}
= shellwp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0001-C0E1-C0E1C0E1C0E1} = C:\Corel\Suite8\Programs\PFSE80.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VersionsMenu
{03170921-4754-11cf-AB9A-00C0F00683EB} = E:\Corel\Suite8\Versions\CVersion.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0001-C0E1-C0E1C0E1C0E1} = C:\Corel\Suite8\Programs\PFSE80.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
= C:\WINDOWS\system32\wuauclt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
UberButton Class = C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
YahooTaggedBM Class = C:\Program Files\Yahoo!\Common\YIeTagBm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}
PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E193D001-4699-683E-E16D-490141EB78C1}
= C:\WINDOWS\system32\kvnvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
ButtonText = Spyware Doctor :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{FAA356E4-D317-42A6-AB41-A3021C6E7D52} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
mm_server C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Spyware Doctor "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
Norton SystemWorks "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
Yahoo! Pager "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
Rbrp C:\Program Files\htse\rrtc.exe
Naqlyfyb C:\WINDOWS\system32\m?hta.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoDrives 0
NoViewOnDrive 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\System32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/18/2005 1:54:14 PM
  • 0

#14
FallenAngel

    Member

  • Topic Starter
  • 39 posts
OH yeah does anything need to be done with this at all??? (from my post before the last post I made):

"I couldn't run ActiveScan because I'm using Firefox, I remembered you posting to use Trend Micro, so I ran that (hope that's ok!)

It found this one file and wouldn't let me clean it because I needed a ticket number?

TROJ_QOOLOGIC.Q (1) in the file C:\WINDOWS\system32\wvgbv.dat"

It said I think that it's a high risk file??
  • 0

#15
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
I'm not sure about the reference to a ticket number. That's the first time I've heard that. But it's definitely qoologic so we'll get rid of it along with the rest of the bad files that show up in your winpfind log.


Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as KillQoo.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\mqstqsqq]

[-HKEY_CLASSES_ROOT\CLSID\{b23c14a8-72bf-42b5-84d1-d51635f53087}]


Now locate and double-click KillQoo.reg -> Allow it to merge into the Registry!



Download the Pocket Killbox.

Unzip the contents of KillBox.zip to a convenient location and then double-click on KillBox.exe to launch the program.
  • Highlight the lines below and press the Ctrl key and the C key at the same time to copy them to the clipboard:

    • C:\WINDOWS\SYSTEM32\ebrob.dll
      C:\WINDOWS\SYSTEM32\fgfkgfg.dll
      C:\WINDOWS\SYSTEM32\wuauclt.dll
      C:\WINDOWS\SYSTEM32\vgactl.cpl
      C:\WINDOWS\system32\wvgbv.dat
      C:\Documents and Settings\Fallen_Angel\Application Data\tvmuknwrd.dll
      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtup.exe
      C:\WINDOWS\system32\kvnvw.dll
      C:\Program Files\htse\rrtc.exe
      C:\WINDOWS\system32\m?hta.exe

  • Now go to the Killbox application and click on the File menu and then the Paste from Clipboard menu item. In the Full Path of File to Delete box you should see the first file. If you dropdown that box you should see the rest of them. Make sure that they are all there.
  • Click on the Delete on Reboot option and then click on the red circle with a white 'X' in it to delete the files. Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES. If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.
Your system will reboot now.



Please post a new hijackthis log.
  • 0
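Added example (not part of Buckeye_Sam's post and not WinPFind or Killbox code): a Python cross-check of the Killbox list against the registry section of the WinPFind log, listing the keys that would still name a deleted file once KillQoo.reg has merged, so they can be looked for in the follow-up log. The input is an excerpt of lines from this thread; the path regex and the mapping of HKEY_CLASSES_ROOT to HKLM\SOFTWARE\Classes are assumptions of this example.

```python
import re
# Constructed sample: registry lines copied from the WinPFind log in this thread.
LOG = r"""
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mqstqsqq
{b23c14a8-72bf-42b5-84d1-d51635f53087} = C:\WINDOWS\system32\ebrob.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
= C:\WINDOWS\system32\wuauclt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E193D001-4699-683E-E16D-490141EB78C1}
= C:\WINDOWS\system32\kvnvw.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Rbrp C:\Program Files\htse\rrtc.exe
Naqlyfyb C:\WINDOWS\system32\m?hta.exe
"""
# KillQoo.reg deletions and part of the Killbox list, both as posted.
REG = r"""REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\mqstqsqq]
[-HKEY_CLASSES_ROOT\CLSID\{b23c14a8-72bf-42b5-84d1-d51635f53087}]
"""
KILL = [r"C:\WINDOWS\SYSTEM32\ebrob.dll", r"C:\WINDOWS\SYSTEM32\wuauclt.dll",
        r"C:\WINDOWS\system32\wvgbv.dat", r"C:\WINDOWS\system32\kvnvw.dll",
        r"C:\Program Files\htse\rrtc.exe", r"C:\WINDOWS\system32\m?hta.exe"]
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|cpl|dat)', re.I)
# Assumption: HKEY_CLASSES_ROOT is compared as its machine-wide backing key.
HIVES = (("hkey_classes_root", r"hklm\software\classes"),
         ("hkey_local_machine", "hklm"), ("hkey_current_user", "hkcu"))

def norm_key(key):
    """Lower-case a key, drop [ ] and the .reg '-' prefix, shorten the hive."""
    k = key.strip("[]").lstrip("-").lower()
    for long, short in HIVES:
        if k.startswith(long):
            k = short + k[len(long):]
    return k

def references(log):
    """Map lower-cased file path -> registry keys whose values name it."""
    refs, key = {}, None
    for line in map(str.strip, log.splitlines()):
        if line.upper().startswith(("[HK", "HK")):
            key = norm_key(line)
        elif key and (m := PATH.search(line)):
            refs.setdefault(m.group(0).lower(), []).append(key)
    return refs

def leftover(log, reg, kill_list):
    """Keys still naming a deleted file after the .reg deletions are applied."""
    removed = [norm_key(l) for l in reg.splitlines() if l.startswith("[-")]
    refs, out = references(log), {}
    for path in (p.lower() for p in kill_list):
        keys = [k for k in refs.get(path, [])
                if not any(k == r or k.startswith(r + "\\") for r in removed)]
        if keys:
            out[path] = keys
    return out
```

Paths are compared lower-cased because the Killbox list writes `SYSTEM32` where the log writes `system32`; a file with no entry in the result either has its key removed by the .reg (ebrob.dll) or is not named in this registry excerpt (wvgbv.dat).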





