winfixer/adware problems



#1
roberson

I have been battling adware on my computer for the last 36 hours. I have run Spybot, Ad-Aware, and TrojanHunter, all with limited success. I have manually deleted several malware items using HijackThis but cannot seem to get rid of WinFixer and perhaps a few others. I have read through your threads and have downloaded l2mfix and run the 1st step but am unclear on your criteria for running the 2nd step. I have posted my HJT log below. Your assistance is greatly appreciated.

Thanks,
Charlie

Logfile of HijackThis v1.99.1
Scan saved at 12:55:35 PM, on 8/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINNT\system32\poqabp.exe
C:\WINNT\system\aqad.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\ascc\usdh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Direct -p USB -pn "" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ymwsvc] C:\WINNT\system32\ymwsvc.exe
O4 - HKLM\..\Run: [mFex] C:\WINNT\gccgeija.exe
O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\poqabp.exe reg_run
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKCU\..\Run: [KwssRkK4X] exdonf.exe
O4 - HKCU\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: m drive.bat.lnk = C:\loscript\m logon script.bat
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...win/QuickTimeInstaller.exe
O20 - Winlogon Notify: RunServices - C:\WINNT\system32\wzaueng1.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MSSQLServer - Unknown owner - C:\MSSQL7\binn\sqlservr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SQLServerAgent - Unknown owner - C:\MSSQL7\binn\sqlagent.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2
Canoeingkidd

Hello roberson, welcome to GeeksToGo! :tazz:

Install Ewido trojan scanner:
  • Please download the free trial version of Ewido trojan scanner.
  • Install ewido security suite.
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu."
  • To launch ewido double-click the icon on your desktop.
  • The program will now go to the main screen.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Click on Start update.
    • The update will start and a progress bar will show the updates being installed.
  • Once the updates are installed close Ewido. Do not scan with it yet.
Now reboot into Safe mode by tapping the F8 key while your computer starts up and selecting "Safe Mode" from the menu that appears. (You will not be able to access the internet while in Safe mode).

Close all windows except Ewido!

Scan with Ewido trojan scanner:
  • Run Ewido.
  • Click on scanner.
  • Click Complete System Scan.
  • Let the program scan the machine.
  • When it finds a bad file, it will ask you what you want to do with it. You must make a selection before you continue scanning.
    • Ewido has been detecting false positives lately, so do not select "Perform action with all infections".
    • Unless it is a file you know to be legitimate, select remove and click OK.
    • If you know the file is legitimate, select none and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
    • Click Save report.
    • Save the report to your desktop.
Reboot normally to get back to normal mode.
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!
  • Download Track qoo
    • Extract it to somewhere you will remember like the Desktop
Reboot into Safe Mode again
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind! Also post the log from ewido that should be on your desktop.

#3
roberson

Okay, the WinPFind ran all night but it's finally done. Below are the three logs you requested.

Thanks,
Charlie



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:37:45 PM, 8/15/2005
+ Report-Checksum: 4053FD40

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
[136] C:\WINNT\system32\wzaueng1.dll -> Spyware.Look2Me : Error during cleaning
[96] C:\WINNT\system32\vra256.dll -> Spyware.Look2Me : Error during cleaning
[440] C:\WINNT\system32\vra256.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Administrator\Application Data\Qualcomm\Eudora\attach\Click Here I Dare Ya.exe -> Not-A-Virus.Joke.Irritan : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtup.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20050815-001801-285.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\Program Files\Internet Explorer\hjra.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Backup\IECu3820.BUD/WINNT/Downloaded Program Files/ysbactivex.dll -> TrojanDownloader.IstBar : Error during cleaning
C:\Program Files\Privacy Crusader Full\quarantine\charlie@clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Privacy Crusader Full\quarantine\charlie@cz3.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Privacy Crusader Full\quarantine\charlie@preferences[1].txt -> Spyware.Cookie.Preferences : Cleaned with backup
C:\Program Files\Privacy Crusader Full\quarantine\charlie@preferences[2].txt -> Spyware.Cookie.Preferences : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tcf -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00077987.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00077988.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00077989.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00077990.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00077992.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00077993.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00077994.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00077998.exe -> Spyware.180Solutions : Cleaned with backup
C:\RECYCLER\NPROTECT\00078020.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00078026.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078041.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078048.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00078051.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00078085.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00078092.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078106.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078114.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\RECYCLER\NPROTECT\00078115.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\RECYCLER\NPROTECT\00078116.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\RECYCLER\NPROTECT\00078117.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\RECYCLER\NPROTECT\00078118.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\RECYCLER\NPROTECT\00078135.DLL -> TrojanDownloader.IstBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00078144.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00078148.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078156.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078186.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078187.exe -> TrojanDownloader.Small.bem : Cleaned with backup
C:\RECYCLER\NPROTECT\00078188.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078189.exe -> TrojanDownloader.Small.bem : Cleaned with backup
C:\RECYCLER\NPROTECT\00078190.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078191.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078192.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078193.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078195.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078202.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078203.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078210.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\RECYCLER\NPROTECT\00078219.DLL -> Spyware.Hijacker.Generic : Cleaned with backup
C:\RECYCLER\NPROTECT\00078220.dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\RECYCLER\NPROTECT\00078221.exe -> Spyware.BiSpy : Cleaned with backup
C:\RECYCLER\NPROTECT\00078222.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00078223.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00078224.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00078226.EXE -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00078227.dat -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\RECYCLER\NPROTECT\00078228.exe -> TrojanDropper.Delf.z : Cleaned with backup
C:\RECYCLER\NPROTECT\00078229.dll -> TrojanDownloader.Dyfuca.dc : Cleaned with backup
C:\RECYCLER\NPROTECT\00078237.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078238.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078239.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078240.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078246.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00078252.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078267.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078575.CPL -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\RECYCLER\NPROTECT\00078578.DLL -> TrojanDownloader.Qoologic.p : Cleaned with backup
:mozilla.11:C:\RECYCLER\NPROTECT\00078610.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\RECYCLER\NPROTECT\00078610.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.13:C:\RECYCLER\NPROTECT\00078610.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00078610.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.25:C:\RECYCLER\NPROTECT\00078610.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\RECYCLER\NPROTECT\00078621.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00078622.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078628.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078668.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00078672.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078691.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078698.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00078703.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078717.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078768.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078828.DLL -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00078831.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078838.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00078903.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078905.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\RECYCLER\NPROTECT\00078906.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00078986.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00078990.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00079005.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00079038.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00079041.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00079055.exe -> Spyware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00079076.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00079095.exe -> Spyware.Pacer : Cleaned with backup
:mozilla.7:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.42:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.64:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.65:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.110:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.194:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.195:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.212:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.213:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.214:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.215:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.216:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.217:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.218:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.219:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.220:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.221:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.222:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.223:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.224:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.225:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.226:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.227:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.228:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.229:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.230:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.231:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.232:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.233:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.249:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.254:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.269:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.275:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.277:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.279:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.280:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.281:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.282:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.287:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.289:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.290:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.291:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.292:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.293:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.294:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.296:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.297:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.299:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.302:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.304:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.305:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.306:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.311:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.314:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.318:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.320:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.321:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.322:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.323:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.325:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.491:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.492:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.493:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.561:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.562:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.563:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.564:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.579:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.594:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.608:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.609:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.628:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Link4ads : Cleaned with backup
:mozilla.630:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.631:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.632:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.633:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.634:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.635:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.636:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.642:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.643:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.644:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.653:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.656:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.675:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.676:C:\RECYCLER\NPROTECT\00079180.MOZ -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.20:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.21:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.25:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.68:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.90:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.91:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.136:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.212:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.213:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.230:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.231:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.232:C:\RECYCLER\NPROTECT\00079258.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.651:C:\RECYCLER\NPRO

#4
Canoeingkidd

    Malware Expert

  • Retired Staff
  • 148 posts
Looks like it got cut off...can you repost the part of the ewido log past the ":mozilla.***:C:\RECYCLER\NPROTECT\000792**.MOZ" lines and the other two logs?

#5
roberson

    Member

  • Topic Starter
  • Member
  • 22 posts
It was quite long. Here you go...


Spyware.Cookie.Liveperson : Cleaned with backup
C:\RECYCLER\NPROTECT\00079461.TXT -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00079463.TXT -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\RECYCLER\NPROTECT\00079465.TXT -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\RECYCLER\NPROTECT\00079467.TXT -> Spyware.Cookie.Overture : Cleaned with backup
C:\RECYCLER\NPROTECT\00079468.TXT -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\RECYCLER\NPROTECT\00079469.TXT -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\RECYCLER\NPROTECT\00079470.TXT -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\RECYCLER\NPROTECT\00079471.TXT -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\WINNT\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINNT\etb\nt_hide63.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINNT\etb\xud_63.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINNT\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINNT\SYSTEM\aqad.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
C:\WINNT\SYSTEM32\AUNPS2.dll.tcf -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\SYSTEM32\damap.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\dcfolder.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\doxrmdr.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINNT\SYSTEM32\doxrmdr.exe.tcf -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINNT\SYSTEM32\ebroa.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINNT\SYSTEM32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\ioircl.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\klajhkj.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINNT\SYSTEM32\kzdbr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\maastmib.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\nsh40.dll.tcf -> Spyware.HotSearchBar : Cleaned with backup
C:\WINNT\SYSTEM32\nsm4.dll.tcf -> Spyware.HotSearchBar : Cleaned with backup
C:\WINNT\SYSTEM32\poqabp.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINNT\SYSTEM32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINNT\SYSTEM32\wvgbk.dat -> TrojanDownloader.Qoologic.n : Cleaned with backup


::Report End




WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 6/5/2005 8:21:36 AM 536313856 C:\WINNT\MEMORY.DMP
FSG! 6/5/2005 8:21:36 AM 536313856 C:\WINNT\MEMORY.DMP
aspack 6/5/2005 8:21:36 AM 536313856 C:\WINNT\MEMORY.DMP

Checking %System% folder...
Umonitor 8/15/2005 10:29:28 PM 417792 C:\WINNT\SYSTEM32\GJTUNAME.DLL
WinShutDown 8/15/2005 10:29:28 PM 417792 C:\WINNT\SYSTEM32\GJTUNAME.DLL
UPX! 1/13/2005 9:41:48 PM 11254 C:\WINNT\SYSTEM32\locate.com
Umonitor 6/19/2003 3:05:04 PM 529168 C:\WINNT\SYSTEM32\RASDLG.DLL
Umonitor 8/15/2005 6:05:00 PM 417792 C:\WINNT\SYSTEM32\svvsvc.dll
WinShutDown 8/15/2005 6:05:00 PM 417792 C:\WINNT\SYSTEM32\svvsvc.dll
winsync 7/26/2000 6:00:00 PM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINNT\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
H 8/15/2005 10:30:18 PM 54156 C:\WINNT\QTFont.qfn
H 8/15/2005 10:36:38 PM 553142 C:\WINNT\ShellIconCache
S 8/15/2005 10:36:48 PM 268 C:\WINNT\CSC\00000001
S 8/14/2005 10:41:04 PM 256 C:\WINNT\CSC\00000002
H 8/14/2005 10:06:32 AM 10820 C:\WINNT\HELP\nocontnt.GID
H 7/21/2005 9:10:42 AM 0 C:\WINNT\INF\oem23.inf
S 8/15/2005 10:29:28 PM 417792 C:\WINNT\SYSTEM32\GJTUNAME.DLL
S 8/15/2005 10:41:20 PM 417792 C:\WINNT\SYSTEM32\NJDLL.DLL
S 8/15/2005 6:05:00 PM 417792 C:\WINNT\SYSTEM32\svvsvc.dll
S 8/13/2005 8:26:54 PM 417792 C:\WINNT\SYSTEM32\wzaueng1.dll
SH 8/8/2005 9:28:04 AM 401408 C:\WINNT\SYSTEM32\??anregw.exe
H 8/15/2005 10:41:40 PM 1024 C:\WINNT\SYSTEM32\CONFIG\DEFAULT.LOG
H 8/15/2005 10:41:06 PM 1024 C:\WINNT\SYSTEM32\CONFIG\SAM.LOG
H 8/15/2005 10:39:08 PM 1024 C:\WINNT\SYSTEM32\CONFIG\SECURITY.LOG
H 8/15/2005 10:58:42 PM 1024 C:\WINNT\SYSTEM32\CONFIG\SOFTWARE.LOG
SH 8/13/2005 10:17:00 PM 336 C:\WINNT\SYSTEM32\Microsoft\Protect\S-1-5-18\User\4a642520-059b-48fd-a043-ab02278311a2
SH 8/13/2005 10:17:00 PM 24 C:\WINNT\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
SH 8/15/2005 10:29:44 PM 188 C:\WINNT\TASKS\RUTASK.job
H 8/15/2005 10:36:48 PM 6 C:\WINNT\TASKS\SA.DAT
H 8/15/2005 2:49:34 PM 390 C:\WINNT\TASKS\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_NEWTON_Charlie.job

Checking for CPL files...
Microsoft Corporation 7/26/2000 1:00:00 PM 67344 C:\WINNT\SYSTEM32\ACCESS.CPL
Microsoft Corporation 6/19/2003 3:05:04 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL
Teleca Software Solutions AB 1/12/2004 12:05:52 PM 344064 C:\WINNT\SYSTEM32\ecsepm.cpl
Microsoft Corporation 7/26/2000 6:00:00 PM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 8:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 2/20/2001 1:09:54 PM 109056 C:\WINNT\SYSTEM32\INPUT.CPL
Microsoft Corporation 7/26/2000 6:00:00 PM 118032 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 7/26/2000 6:00:00 PM 36112 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 10/30/2001 8:10:00 AM 326144 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems 8/29/2002 10:10:26 AM 229479 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 7/26/2000 6:00:00 PM 122128 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 7/26/2000 6:00:00 PM 303888 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 7/26/2000 6:00:00 PM 17168 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 7/26/2000 6:00:00 PM 41232 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 7/26/2000 4:37:08 PM 41232 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl
Intel Corporation 5/11/2000 8:55:00 AM 720896 C:\WINNT\SYSTEM32\prosetp.cpl
Apple Computer, Inc. 7/10/2002 10:01:38 PM 295936 C:\WINNT\SYSTEM32\QuickTime.cpl
Symantec Corporation 11/5/1999 6:58:12 PM 143360 C:\WINNT\SYSTEM32\s32lucp1.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 7/26/2000 6:00:00 PM 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 7/26/2000 6:00:00 PM 61200 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 8:14:40 AM 292352 C:\WINNT\SYSTEM32\DLLCACHE\inetcpl.cpl
IBM Corporation 9/23/1999 7:44:36 PM 94208 C:\WINNT\SYSTEM32\DLLCACHE\mwcpa32.cpl
Microsoft Corporation 7/26/2000 6:00:00 PM 41232 C:\WINNT\SYSTEM32\DLLCACHE\nwc.cpl
Microsoft Corporation 7/26/2000 4:37:08 PM 41232 C:\WINNT\SYSTEM32\DLLCACHE\odbccp32.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\DLLCACHE\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
6/21/2005 3:23:46 PM 1575 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
4/8/2003 10:32:18 AM 1685 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
9/1/2003 2:22:42 PM 746 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-B Notebook Adapter Utility.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
8/15/2005 11:05:10 AM 533 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk

Checking files in %USERPROFILE%\Application Data folder...
11/23/2004 3:33:04 PM 0 C:\Documents and Settings\Administrator\Application Data\dm.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{838D6018-5676-4C2C-876B-1E7C5F63DB7D} = C:\WINNT\system32\NJDLL.DLL
{81559C35-8464-49F7-BB0E-07A383BEF910} = C:\Program Files\SpywareGuard\spywareguard.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mqstxmtf
{c3ff1b1c-fbcc-4fc6-8f09-9059646e98f8} = C:\WINNT\system32\ebroa.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{969223c0-26aa-11d0-90ee-444553540000}
= pgpmn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{969223c0-26aa-11d0-90ee-444553540000}
= pgpmn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{CC8D2568-3AC5-459F-851F-6F19A89CBCB1}
= C:\Program Files\Common Files\ESRI\esriShellExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E4563A4-2A9B-4912-BE38-906A0CB702CC}
Scriptlet.Tools = C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\Spybot\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM95\aim.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Synchronization Manager mobsync.exe /logon
PRPCMonitor PRPCUI.exe
RxUser C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
madexe C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
SymTray - Norton SystemWorks C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

StatusClient C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
TomcatStartup C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
HPLJ Config C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Direct -p USB -pn "" -n 0 -l 1033 -sl 120000
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
ymwsvc C:\WINNT\system32\ymwsvc.exe
mFex C:\WINNT\gccgeija.exe
\tools.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
SymTray - Norton SystemWorks

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
\tools.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
KwssRkK4X exdonf.exe
\tools.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
\tools.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key -{ZR;^m6
FileName0 C:\WINNT\system32\RSACi.rat
WarnOnOff 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 1
PleaseMom 1
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
v 4
s 4
n 4
l 4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
NumSys 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149
CDRAutoRun 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
\tools.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
aqad.exe C:\WINNT\system\aqad.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets
= C:\WINNT\system32\wzaueng1.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/16/2005 6:50:29 AM




REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"PRPCMonitor"="PRPCUI.exe"
"RxUser"="C:\\Program Files\\Dell\\Resolution Assistant\\Common\\bin\\RxUser.exe"
"madexe"="C:\\Program Files\\Dell\\Resolution Assistant\\MotiveAssistant\\bin\\mad.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe SetReg"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"StatusClient"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Apache Tomcat 4.0\\webapps\\Toolbox\\StatusClient\\StatusClient.exe /auto"
"TomcatStartup"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\hpbpsttp.exe"
"HPLJ Config"="C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1150_1300\\SetConfig.exe -c Direct -p USB -pn \"\" -n 0 -l 1033 -sl 120000"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"ymwsvc"="C:\\WINNT\\system32\\ymwsvc.exe"
"mFex"="C:\\WINNT\\gccgeija.exe"
"\\tools.exe"="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Tools\\tools.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.2\\THGuard.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll

Subkey --- mqstxmtf
{c3ff1b1c-fbcc-4fc6-8f09-9059646e98f8}
C:\WINNT\system32\ebroa.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINNT\system32\shell32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINNT\system32\shell32.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

Subkey --- TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}
C:\PROGRA~1\TROJAN~1.2\contmenu.dll

Subkey --- {969223c0-26aa-11d0-90ee-444553540000}

pgpmn.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINNT\system32\shell32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINNT\System32\docprop2.dll

Subkey --- {7f9609be-af9a-11d1-83e0-00c04fb6e984}
C:\WINNT\system32\faxshell.dll

Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINNT\System32\docprop2.dll

Subkey --- {CC8D2568-3AC5-459F-851F-6F19A89CBCB1}
C:\Program Files\Common Files\ESRI\esriShellExt.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
m drive.bat.lnk
QuickBooks 2002 Delivery Agent.lnk
Wireless-B Notebook Adapter Utility.lnk
==============================
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
m drive.bat.lnk
QuickBooks 2002 Delivery Agent.lnk
Wireless-B Notebook Adapter Utility.lnk
SpywareGuard.lnk
==============================
C:\WINNT\SYSTEM32 cpl files


ACCESS.CPL Microsoft Corporation
appwiz.cpl Microsoft Corporation
DESK.CPL Microsoft Corporation
ecsepm.cpl Teleca Software Solutions AB
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
INPUT.CPL Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
prosetp.cpl Intel Corporation
QuickTime.cpl Apple Computer, Inc.
s32lucp1.cpl Symantec Corporation
sticpl.cpl Microsoft Corporation
SYSDM.CPL Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
  • 0

#6
Canoeingkidd

    Malware Expert

  • Retired Staff
  • 148 posts
Download Pocket KillBox from http://www.downloads...org/KillBox.zip
Unzip it to your desktop.
There should now be a KillBox.exe on your desktop.

Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as KillQoo.reg (set Filetype to "All Files") and save it on your Desktop.
REGEDIT4

[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mqstxmtf]


Run Killbox:
  • Double-click KillBox.exe to start KillBox.
  • Select the "Delete on Reboot" option.
  • Copy all of the following files at once:

    C:\WINNT\gccgeija.exe
    C:\WINNT\system32\ymwsvc.exe
    C:\WINNT\system32\vra256.dll
    C:\WINNT\SYSTEM32\GJTUNAME.DLL
    C:\WINNT\SYSTEM32\svvsvc.dll
    C:\WINNT\SYSTEM32\NJDLL.DLL
    C:\WINNT\SYSTEM32\wzaueng1.dll
    C:\WINNT\TASKS\RUTASK.job
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools
    C:\WINNT\system32\poqabp.exe


  • In Killbox go to "File" > "Paste from Clipboard."
  • Click the drop-down arrow to the right of the "Full Path of File to Delete" box and make sure these files are there together (except a few may not if they are already deleted).
  • Click the red button with a white X on it.
  • At the prompt entitled "Delete on Reboot" select yes.
  • At the prompt entitled "Delete next Reboot" select yes.
  • Your computer will reboot.

Delete the file in bold. Do NOT delete scanregw.exe, it is legit. The file you are looking for is another one that ends with "anregw.exe" but the first two characters are probably odd looking. It was modified on August 8, 2005 and is 401,408 bytes in size:
C:\WINNT\SYSTEM32\??anregw.exe


Now locate and double-click KillQoo.reg -> Allow it to merge into the Registry!


Please run HijackThis, do a scan, and place a check next to the following items to be fixed:

O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
O4 - HKLM\..\Run: [ymwsvc] C:\WINNT\system32\ymwsvc.exe
O4 - HKLM\..\Run: [mFex] C:\WINNT\gccgeija.exe
O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\poqabp.exe reg_run
O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKCU\..\Run: [KwssRkK4X] exdonf.exe
O4 - HKCU\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O20 - Winlogon Notify: RunServices - C:\WINNT\system32\wzaueng1.dll


Close all browsers and windows except HijackThis and click "Fix checked".


Search for the following file and delete it if you find it (probably in C:\WINDOWS or C:\WINDOWS\System32):
exdonf.exe


You were correct, you have VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Also post a new HijackThis log with the L2mfix log. Except this time when you have the HijackThis log in Notepad go to "Format" and uncheck "Word Wrap" before you copy so the log isn't all broken up.
  • 0
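An added example, not part of the thread and not code from WinPFind, KillBox or L2mfix: the four System32 DLLs in the KillBox list above all appear in the posted WinPFind log with the S attribute and the same 417792-byte size, and one of them is also registered under Winlogon\Notify. The sketch below parses lines copied from that log and reproduces the cross-check; grouping by identical size is this example's own triage heuristic (an assumption, not something the helper states), and all function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the WinPFind "system and hidden files" section posted in the thread.
HIDDEN_LINES = r"""
H 8/15/2005 10:30:18 PM 54156 C:\WINNT\QTFont.qfn
S 8/15/2005 10:36:48 PM 268 C:\WINNT\CSC\00000001
S 8/15/2005 10:29:28 PM 417792 C:\WINNT\SYSTEM32\GJTUNAME.DLL
S 8/15/2005 10:41:20 PM 417792 C:\WINNT\SYSTEM32\NJDLL.DLL
S 8/15/2005 6:05:00 PM 417792 C:\WINNT\SYSTEM32\svvsvc.dll
S 8/13/2005 8:26:54 PM 417792 C:\WINNT\SYSTEM32\wzaueng1.dll
SH 8/8/2005 9:28:04 AM 401408 C:\WINNT\SYSTEM32\??anregw.exe
H 8/15/2005 10:41:06 PM 1024 C:\WINNT\SYSTEM32\CONFIG\SAM.LOG
SH 8/15/2005 10:29:44 PM 188 C:\WINNT\TASKS\RUTASK.job
"""

# Lines copied from the WinPFind Winlogon\Notify section of the same log.
NOTIFY_LINES = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets
= C:\WINNT\system32\wzaueng1.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
"""

# One listing line: attribute flags, date, time, size in bytes, full path.
ENTRY_RE = re.compile(
    r"^(?P<attr>[RHSA]+)\s+"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)


def parse_hidden(text):
    """Return one dict per listing line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def same_size_system_dlls(entries, min_group=2):
    """Group system-attribute DLLs by (folder, size); keep groups of min_group or more."""
    groups = defaultdict(list)
    for e in entries:
        if "S" in e["attr"] and e["path"].lower().endswith(".dll"):
            key = (ntpath.dirname(e["path"]).lower(), e["size"])
            groups[key].append(ntpath.basename(e["path"]))
    return {k: sorted(v, key=str.lower) for k, v in groups.items() if len(v) >= min_group}


def parse_notify(text):
    """Pair each Winlogon\\Notify subkey line with the '= dll' line that follows it."""
    pairs, subkey = [], None
    marker = "\\winlogon\\notify\\"
    for line in text.splitlines():
        line = line.strip()
        pos = line.lower().find(marker)
        if line.upper().startswith("HKEY_") and pos != -1:
            subkey = line[pos + len(marker):]
        elif line.startswith("=") and subkey:
            pairs.append((subkey, line[1:].strip()))
            subkey = None
    return pairs


def notify_hits(pairs, clusters):
    """Return Notify entries whose DLL file name is in one of the flagged clusters."""
    flagged = {name.lower() for names in clusters.values() for name in names}
    return [(sub, dll) for sub, dll in pairs if ntpath.basename(dll).lower() in flagged]


if __name__ == "__main__":
    clusters = same_size_system_dlls(parse_hidden(HIDDEN_LINES))
    for (folder, size), names in clusters.items():
        print(f"{folder}: {len(names)} system DLLs of {size} bytes: {', '.join(names)}")
    for sub, dll in notify_hits(parse_notify(NOTIFY_LINES), clusters):
        print(f"Winlogon\\Notify\\{sub} loads {dll}")
```

Identical sizes also occur among legitimate files, so a hit is a lead for review against the rest of the log, in line with WinPFind's own warning that not every listed file is bad.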

#7
roberson

    Member

  • Topic Starter
  • Member
  • 22 posts
Tried to run KillBox but only some of the items would paste. When I ran it I got this message.

"PendingFileRenameOperations Registry Data has been removed by External Process"
  • 0

#8
Canoeingkidd

    Malware Expert

  • Retired Staff
  • 148 posts
That means that the malware is trying to protect itself....just do killbox again and reboot manually ignoring the message.
  • 0

#9
roberson

    Member

  • Topic Starter
  • Member
  • 22 posts
Well, I did it again but I'm not sure it worked. KillBox didn't want to close but finally ended on shutdown.

Next problem...I cannot find the file C:\WINNT\SYSTEM32\??anregw.exe

Charlie
  • 0

#10
Canoeingkidd

    Malware Expert

  • Retired Staff
  • 148 posts
You can try sorting the System32 folder by date modified. Go to "View" > "Arrange by" > "Modified". If you still can't find it, continue anyways....same goes for exdonf.exe....and some of the HijackThis entries may have already been removed by ewido.
  • 0

#11
roberson

    Member

  • Topic Starter
  • Member
  • 22 posts
Yes, I did that as well as search all files and folders

Charlie
  • 0

#12
roberson

    Member

  • Topic Starter
  • Member
  • 22 posts
L2MFIX find log 1.03b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\wzaueng1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{8DFBBC2C-DC5B-DBA4-290A-82F1F62B9DE4}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network and Dial-up Connections"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{1A9BA3A0-143A-11CF-8350-444553540000}"="Shell Favorite Folder"
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="My Computer"
"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Briefcase Folder"
"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Folder Shortcut"
"{12518493-00B2-11d2-9FA5-9E3420524153}"="Mounted Volume"
"{21B22460-3AEA-1069-A2DC-08002B30309D}"="File Property Page Extension"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="File Types Page"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="MIME File Types Hook"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Microsoft CopyTo Service"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Microsoft MoveTo Service"
"{13709620-C279-11CE-A49E-444553540000}"="Shell Automation Service"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Start Menu"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Microsoft SendTo Service"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Microsoft New Object Service"
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Open With Context Menu Handler"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Display Control Panel HTML Extensions"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Folder Options Property Page Extension"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{4657278A-411B-11d2-839A-00C04FD918D0}"="Shell Drag and Drop helper"
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Add encryption item to context menus in explorer"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Thumbnails"
"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Office Graphics Filters Thumbnail Extractor"
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8C-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{969223c0-26aa-11d0-90ee-444553540000}"="Shell Extension"
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{838D6018-5676-4C2C-876B-1E7C5F63DB7D}"=""
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{838D6018-5676-4C2C-876B-1E7C5F63DB7D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{838D6018-5676-4C2C-876B-1E7C5F63DB7D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{838D6018-5676-4C2C-876B-1E7C5F63DB7D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{838D6018-5676-4C2C-876B-1E7C5F63DB7D}\InprocServer32]
@="C:\\WINNT\\system32\\sesinv.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINNT\SYSTEM32\
atmtd.dll Sat Aug 13 2005 11:20:30p A.... 687,592 671.48 K
cdm.dll Thu May 26 2005 4:16:24a A.... 75,544 73.77 K
gjtuname.dll Mon Aug 15 2005 10:29:28p ..... 417,792 408.00 K
iuengine.dll Thu May 26 2005 4:16:24a A.... 198,424 193.77 K
njdll.dll Mon Aug 15 2005 10:41:20p ..... 417,792 408.00 K
s32evnt1.dll Thu Jul 28 2005 2:52:18p A.... 91,856 89.70 K
sesinv.dll Tue Aug 16 2005 5:39:04p ..S.R 417,792 408.00 K
svvsvc.dll Mon Aug 15 2005 6:05:00p ..... 417,792 408.00 K
wirelanb.dll Sat Aug 13 2005 11:45:30p A.... 417,792 408.00 K
wuapi.dll Thu May 26 2005 4:16:30a A.... 465,176 454.27 K
wuaueng.dll Thu May 26 2005 4:16:30a A.... 1,343,768 1.28 M
wuaueng1.dll Thu May 26 2005 4:16:30a A.... 194,328 189.77 K
wucltui.dll Thu May 26 2005 4:16:30a A.... 127,256 124.27 K
wups.dll Thu May 26 2005 4:16:30a A.... 41,240 40.27 K
wups2.dll Thu May 26 2005 4:16:30a A.... 18,200 17.77 K
wuweb.dll Thu May 26 2005 4:16:30a A.... 173,536 169.47 K
wzaueng1.dll Sat Aug 13 2005 8:26:54p ..S.R 417,792 408.00 K

17 items found: 17 files (2 H/S), 0 directories.
Total of file sizes: 5,923,672 bytes 5.65 M
Locate .tmp files:

C:\WINNT\SYSTEM32\
guard.tmp Tue Aug 16 2005 3:13:26p ..S.R 417,792 408.00 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 417,792 bytes 408.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is D05C-AF71

Directory of C:\WINNT\System32

08/16/2005 05:58p <DIR> DLLCACHE
08/16/2005 05:39p 417,792 sesinv.dll
08/16/2005 03:13p 417,792 guard.tmp
08/13/2005 08:26p 417,792 wzaueng1.dll
08/08/2005 09:28a 401,408 ??anregw.exe
06/05/2003 10:26a 32 {C13CEE4F-F9F6-41FF-8F26-F314E45948BA}.dat
06/05/2003 10:25a 32 {179423FD-DA7F-408C-8B17-5B406273C026}.dat
06/05/2003 10:24a 32 {D00E7E94-7AF0-4226-B6C7-9FC394F3C832}.dat
06/05/2003 10:21a 32 {BA4E2572-35BF-487B-9BA8-AEA07ADB6EC8}.dat
06/05/2003 10:21a 32 {566D2E1D-8C5B-4F09-819A-E45CA4A497D2}.dat
06/05/2003 10:21a 32 {3A52CFF6-32B1-4E7A-B250-243ED3A8A06E}.dat
06/05/2003 10:19a 32 {02624135-A0EE-4970-AD64-945BDAB38F39}.dat
11 File(s) 1,655,008 bytes
1 Dir(s) 474,172,928 bytes free




Logfile of HijackThis v1.99.1
Scan saved at 6:31:49 PM, on 8/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Direct -p USB -pn "" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: m drive.bat.lnk = C:\loscript\m logon script.bat
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = factory.halcyon.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = factory.halcyon.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = factory.halcyon.net
O20 - Winlogon Notify: WebCheck - C:\WINNT\system32\wzaueng1.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: MSSQLServer - Unknown owner - C:\MSSQL7\binn\sqlservr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SQLServerAgent - Unknown owner - C:\MSSQL7\binn\sqlagent.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#13
Canoeingkidd

    Malware Expert

  • Retired Staff
  • 148 posts
Sorry roberson, L2mfix was updated just an hour or two ago... It was causing problems with Windows Update (I think because Microsoft changed a few things recently). I'd like you to delete the copy you have and redownload from the mirror at http://www.atribune....oads/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!


Also... do you know what this is for and why it's running at startup?:
C:\loscript\m logon script.bat

Edited by Canoeingkidd, 16 August 2005 - 08:37 PM.


#14
roberson

    Member

  • Topic Starter
  • 22 posts
Now WINLOGON.exe reboots my computer every few minutes. Will try to proceed...

#15
roberson

    Member

  • Topic Starter
  • 22 posts
I do not know what that script.bat is...


L2MFIX find log 1.03c
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\wzaueng1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{8DFBBC2C-DC5B-DBA4-290A-82F1F62B9DE4}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network and Dial-up Connections"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{1A9BA3A0-143A-11CF-8350-444553540000}"="Shell Favorite Folder"
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="My Computer"
"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Briefcase Folder"
"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Folder Shortcut"
"{12518493-00B2-11d2-9FA5-9E3420524153}"="Mounted Volume"
"{21B22460-3AEA-1069-A2DC-08002B30309D}"="File Property Page Extension"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="File Types Page"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="MIME File Types Hook"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Microsoft CopyTo Service"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Microsoft MoveTo Service"
"{13709620-C279-11CE-A49E-444553540000}"="Shell Automation Service"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Start Menu"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Microsoft SendTo Service"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Microsoft New Object Service"
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Open With Context Menu Handler"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Display Control Panel HTML Extensions"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Folder Options Property Page Extension"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{4657278A-411B-11d2-839A-00C04FD918D0}"="Shell Drag and Drop helper"
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Add encryption item to context menus in explorer"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Thumbnails"
"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Office Graphics Filters Thumbnail Extractor"
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8C-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{969223c0-26aa-11d0-90ee-444553540000}"="Shell Extension"
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{838D6018-5676-4C2C-876B-1E7C5F63DB7D}"=""
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{838D6018-5676-4C2C-876B-1E7C5F63DB7D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{838D6018-5676-4C2C-876B-1E7C5F63DB7D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{838D6018-5676-4C2C-876B-1E7C5F63DB7D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{838D6018-5676-4C2C-876B-1E7C5F63DB7D}\InprocServer32]
@="C:\\WINNT\\system32\\MSXEX.DLL"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINNT\SYSTEM32\
atmtd.dll Sat Aug 13 2005 11:20:30p A.... 687,592 671.48 K
browseui.dll Sat Jun 18 2005 12:16:18a A.... 1,017,856 994.00 K
cdm.dll Thu May 26 2005 4:16:24a A.... 75,544 73.77 K
faxui.dll Wed Jul 13 2005 3:22:02a A.... 138,000 134.77 K
gjtuname.dll Mon Aug 15 2005 10:29:28p ..... 417,792 408.00 K
icm32.dll Wed Jun 29 2005 3:30:56a A.... 246,032 240.27 K
iuengine.dll Thu May 26 2005 4:16:24a A.... 198,424 193.77 K
kerberos.dll Wed Jun 15 2005 12:22:48a A.... 208,144 203.27 K
mscms.dll Wed Jun 29 2005 3:30:56a A.... 69,904 68.27 K
mshtml.dll Mon Jul 18 2005 4:22:12p A.... 2,699,264 2.57 M
msxex.dll Wed Aug 17 2005 10:02:18a ..S.R 417,792 408.00 K
njdll.dll Mon Aug 15 2005 10:41:20p ..... 417,792 408.00 K
s32evnt1.dll Thu Jul 28 2005 2:52:18p A.... 91,856 89.70 K
shdocvw.dll Sat Jun 18 2005 12:15:18a A.... 1,338,368 1.27 M
shlwapi.dll Wed May 25 2005 10:14:58a A.... 408,576 399.00 K
spoolss.dll Wed Jul 13 2005 3:22:02a A.... 81,168 79.27 K
svvsvc.dll Mon Aug 15 2005 6:05:00p ..... 417,792 408.00 K
tapisrv.dll Sat Jul 2 2005 7:30:14a A.... 175,888 171.77 K
umpnpmgr.dll Wed Jun 29 2005 2:45:16a A.... 89,360 87.27 K
win32spl.dll Wed Jul 13 2005 3:22:02a A.... 88,848 86.77 K
wininet.dll Fri Jun 17 2005 11:49:00p A.... 574,976 561.50 K
wirelanb.dll Sat Aug 13 2005 11:45:30p A.... 417,792 408.00 K
wuapi.dll Thu May 26 2005 4:16:30a A.... 465,176 454.27 K
wuaueng.dll Thu May 26 2005 4:16:30a A.... 1,343,768 1.28 M
wuaueng1.dll Thu May 26 2005 4:16:30a A.... 194,328 189.77 K
wucltui.dll Thu May 26 2005 4:16:30a A.... 127,256 124.27 K
wups.dll Thu May 26 2005 4:16:30a A.... 41,240 40.27 K
wups2.dll Thu May 26 2005 4:16:30a A.... 18,200 17.77 K
wuweb.dll Thu May 26 2005 4:16:30a A.... 173,536 169.47 K
wzaueng1.dll Sat Aug 13 2005 8:26:54p ..S.R 417,792 408.00 K

30 items found: 30 files (2 H/S), 0 directories.
Total of file sizes: 13,060,056 bytes 12.45 M
Locate .tmp files:

C:\WINNT\SYSTEM32\
guard.tmp Tue Aug 16 2005 3:13:26p ..S.R 417,792 408.00 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 417,792 bytes 408.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is D05C-AF71

Directory of C:\WINNT\System32

08/17/2005 10:05a <DIR> DLLCACHE
08/17/2005 10:02a 417,792 MSXEX.DLL
08/16/2005 03:13p 417,792 guard.tmp
08/13/2005 08:26p 417,792 wzaueng1.dll
08/08/2005 09:28a 401,408 ??anregw.exe
06/05/2003 10:26a 32 {C13CEE4F-F9F6-41FF-8F26-F314E45948BA}.dat
06/05/2003 10:25a 32 {179423FD-DA7F-408C-8B17-5B406273C026}.dat
06/05/2003 10:24a 32 {D00E7E94-7AF0-4226-B6C7-9FC394F3C832}.dat
06/05/2003 10:21a 32 {BA4E2572-35BF-487B-9BA8-AEA07ADB6EC8}.dat
06/05/2003 10:21a 32 {566D2E1D-8C5B-4F09-819A-E45CA4A497D2}.dat
06/05/2003 10:21a 32 {3A52CFF6-32B1-4E7A-B250-243ED3A8A06E}.dat
06/05/2003 10:19a 32 {02624135-A0EE-4970-AD64-945BDAB38F39}.dat
11 File(s) 1,655,008 bytes
1 Dir(s) 152,025,088 bytes free