
System is still slow



#1
trh382000

I have done everything listed to do prior to this as per the instruction page. I now need to have someone look at the info generated in the log file. My computer is better but still not quite what it should be. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 2:42:24 PM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
D:\My Documents\My Projects\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CamMonitor] "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: WBKO FAST Alert.lnk = C:\Program Files\Common Files\WBKO FAST Alert\TrueWeather.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkkhgh - jkkkhgh.dll (file missing)
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

Incident Status Location
ACTIVE SCAN LOG
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tim\Cookies\tim@doubleclick[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tim\Cookies\tim@questionmarket[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp
Spyware:Cookie/360i Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp
Spyware:Cookie/Adrevolver Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp
Spyware:Cookie/Atwola Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp
Spyware:Cookie/Azjmp Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp
Spyware:Cookie/Screensavers Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp
Spyware:Cookie/Winantivirus Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp
Spyware:Cookie/Winantivirus Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq85.tmp
Spyware:Cookie/Xiti Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\lwqsgyrc.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xfmrebii.dll
Spyware:Cookie/did-it Not disinfected D:\WINDOWS\Cookies\tim hindsman@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim hindsman@belnk[1].txt
Spyware:Cookie/Azjmp Not disinfected D:\WINDOWS\Cookies\tim hindsman@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim hindsman@belnk[4].txt
Spyware:Cookie/Atwola Not disinfected D:\WINDOWS\Cookies\anyuser@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected D:\WINDOWS\Cookies\anyuser@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\anyuser@belnk[1].txt
Spyware:Cookie/did-it Not disinfected D:\WINDOWS\Cookies\anyuser@did-it[1].txt
Spyware:Cookie/Go Not disinfected D:\WINDOWS\Cookies\anyuser@go[1].txt
Spyware:Cookie/Hbmediapro Not disinfected D:\WINDOWS\Cookies\tim [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim [email protected][3].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim [email protected][3].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim [email protected][2].txt
Spyware:Cookie/Entrepreneur Not disinfected D:\WINDOWS\Cookies\anyuser@entrepreneur[1].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim hindsman@belnk[2].txt
Spyware:Cookie/Winantivirus Not disinfected D:\WINDOWS\Cookies\anyuser@winantispyware[2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Entrepreneur Not disinfected D:\WINDOWS\Cookies\tim hindsman@entrepreneur[2].txt
Spyware:Cookie/Go Not disinfected D:\WINDOWS\Cookies\anyuser@go[2].txt
Spyware:Cookie/Btgrab Not disinfected D:\WINDOWS\Cookies\tim [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\anyuser@belnk[2].txt
Spyware:Cookie/888 Not disinfected D:\WINDOWS\Cookies\anyuser@888[2].txt
Spyware:Cookie/888 Not disinfected D:\WINDOWS\Cookies\anyuser@888[1].txt
Spyware:Cookie/Cassava Not disinfected D:\WINDOWS\Cookies\anyuser@cassava[1].txt
Spyware:Cookie/Azjmp Not disinfected D:\WINDOWS\Cookies\anyuser@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim [email protected][4].txt
Spyware:Cookie/Kazaa Networks Not disinfected D:\WINDOWS\Cookies\tim [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\[email protected][3].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\[email protected][3].txt
Spyware:Cookie/Kazaa Networks Not disinfected D:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Btgrab Not disinfected D:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected D:\WINDOWS\Cookies\anyuser@rn11[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected D:\WINDOWS\Cookies\tim hindsman@offeroptimizer[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected D:\WINDOWS\Cookies\anyuser@offeroptimizer[2].txt
Spyware:Cookie/360i Not disinfected D:\WINDOWS\Cookies\[email protected][2].txt
SUPERAntiSpyware Scan Log
Generated 05/20/2007 at 03:44 AM

Application Version : 3.6.1000

Core Rules Database Version : 3241
Trace Rules Database Version: 1252

Scan type : Complete Scan
Total Scan Time : 00:38:47

Memory items scanned : 364
Memory threats detected : 1
Registry items scanned : 5350
Registry threats detected : 34
File items scanned : 36096
File threats detected : 135

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\PMNNN.DLL
C:\WINDOWS\SYSTEM32\PMNNN.DLL
HKLM\Software\Classes\CLSID\{252694CE-4D3D-430E-AC17-0D36D0296C8D}
HKCR\CLSID\{252694CE-4D3D-430E-AC17-0D36D0296C8D}
HKCR\CLSID\{252694CE-4D3D-430E-AC17-0D36D0296C8D}\InprocServer32
HKCR\CLSID\{252694CE-4D3D-430E-AC17-0D36D0296C8D}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{55DB983C-BDBF-426f-86F0-187B02DDA39B}
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}\InprocServer32
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VQUDNPEP.DLL
HKLM\Software\Classes\CLSID\{D651AFF4-9590-424d-BD1E-8E33E090DFB3}
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}\InprocServer32
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\RIVOKHKN.DLL
HKLM\Software\Classes\CLSID\{E2EE5C44-C66D-499d-BEAE-A2A79189A63A}
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}\InprocServer32
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\BFIAHUKW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{252694CE-4D3D-430E-AC17-0D36D0296C8D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55DB983C-BDBF-426f-86F0-187B02DDA39B}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\pmnnn
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{338DA9F8-3260-41FC-A66B-19B525185D1A}
HKCR\CLSID\{338DA9F8-3260-41FC-A66B-19B525185D1A}
HKCR\CLSID\{338DA9F8-3260-41FC-A66B-19B525185D1A}\InprocServer32
HKCR\CLSID\{338DA9F8-3260-41FC-A66B-19B525185D1A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JKKKHGH.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{338DA9F8-3260-41FC-A66B-19B525185D1A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{338DA9F8-3260-41FC-A66B-19B525185D1A}
HKCR\CLSID\{338DA9F8-3260-41FC-A66B-19B525185D1A}

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{F83CCFF7-7356-400E-AC38-D7220B404DEC}
HKCR\CLSID\{F83CCFF7-7356-400E-AC38-D7220B404DEC}
HKCR\CLSID\{F83CCFF7-7356-400E-AC38-D7220B404DEC}\InprocServer32
HKCR\CLSID\{F83CCFF7-7356-400E-AC38-D7220B404DEC}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VTSQR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F83CCFF7-7356-400E-AC38-D7220B404DEC}

Adware.Tracking Cookie

Trojan.Downloader-SpyTool
C:\WINDOWS\SYSTEM32\XDYYFWRB.DLL
