Logfile of HijackThis v1.99.1
Scan saved at 2:42:24 PM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
D:\My Documents\My Projects\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CamMonitor] "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: WBKO FAST Alert.lnk = C:\Program Files\Common Files\WBKO FAST Alert\TrueWeather.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkkhgh - jkkkhgh.dll (file missing)
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
Incident Status Location
ACTIVE SCAN LOG
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tim\Cookies\tim@doubleclick[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tim\Cookies\tim@questionmarket[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp
Spyware:Cookie/360i Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp
Spyware:Cookie/Adrevolver Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp
Spyware:Cookie/Atwola Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp
Spyware:Cookie/Azjmp Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp
Spyware:Cookie/Screensavers Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp
Spyware:Cookie/Winantivirus Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp
Spyware:Cookie/Winantivirus Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq85.tmp
Spyware:Cookie/Xiti Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\lwqsgyrc.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xfmrebii.dll
Spyware:Cookie/did-it Not disinfected D:\WINDOWS\Cookies\tim hindsman@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim hindsman@belnk[1].txt
Spyware:Cookie/Azjmp Not disinfected D:\WINDOWS\Cookies\tim hindsman@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim hindsman@belnk[4].txt
Spyware:Cookie/Atwola Not disinfected D:\WINDOWS\Cookies\anyuser@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected D:\WINDOWS\Cookies\anyuser@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\anyuser@belnk[1].txt
Spyware:Cookie/did-it Not disinfected D:\WINDOWS\Cookies\anyuser@did-it[1].txt
Spyware:Cookie/Go Not disinfected D:\WINDOWS\Cookies\anyuser@go[1].txt
Spyware:Cookie/Hbmediapro Not disinfected D:\WINDOWS\Cookies\tim [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim [email protected][3].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim [email protected][3].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim [email protected][2].txt
Spyware:Cookie/Entrepreneur Not disinfected D:\WINDOWS\Cookies\anyuser@entrepreneur[1].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim hindsman@belnk[2].txt
Spyware:Cookie/Winantivirus Not disinfected D:\WINDOWS\Cookies\anyuser@winantispyware[2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Entrepreneur Not disinfected D:\WINDOWS\Cookies\tim hindsman@entrepreneur[2].txt
Spyware:Cookie/Go Not disinfected D:\WINDOWS\Cookies\anyuser@go[2].txt
Spyware:Cookie/Btgrab Not disinfected D:\WINDOWS\Cookies\tim [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\anyuser@belnk[2].txt
Spyware:Cookie/888 Not disinfected D:\WINDOWS\Cookies\anyuser@888[2].txt
Spyware:Cookie/888 Not disinfected D:\WINDOWS\Cookies\anyuser@888[1].txt
Spyware:Cookie/Cassava Not disinfected D:\WINDOWS\Cookies\anyuser@cassava[1].txt
Spyware:Cookie/Azjmp Not disinfected D:\WINDOWS\Cookies\anyuser@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\tim [email protected][4].txt
Spyware:Cookie/Kazaa Networks Not disinfected D:\WINDOWS\Cookies\tim [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\[email protected][3].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Cookies\[email protected][3].txt
Spyware:Cookie/Kazaa Networks Not disinfected D:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Btgrab Not disinfected D:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected D:\WINDOWS\Cookies\anyuser@rn11[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected D:\WINDOWS\Cookies\tim hindsman@offeroptimizer[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected D:\WINDOWS\Cookies\anyuser@offeroptimizer[2].txt
Spyware:Cookie/360i Not disinfected D:\WINDOWS\Cookies\[email protected][2].txt
SUPERAntiSpyware Scan Log
Generated 05/20/2007 at 03:44 AM
Application Version : 3.6.1000
Core Rules Database Version : 3241
Trace Rules Database Version: 1252
Scan type : Complete Scan
Total Scan Time : 00:38:47
Memory items scanned : 364
Memory threats detected : 1
Registry items scanned : 5350
Registry threats detected : 34
File items scanned : 36096
File threats detected : 135
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\PMNNN.DLL
C:\WINDOWS\SYSTEM32\PMNNN.DLL
HKLM\Software\Classes\CLSID\{252694CE-4D3D-430E-AC17-0D36D0296C8D}
HKCR\CLSID\{252694CE-4D3D-430E-AC17-0D36D0296C8D}
HKCR\CLSID\{252694CE-4D3D-430E-AC17-0D36D0296C8D}\InprocServer32
HKCR\CLSID\{252694CE-4D3D-430E-AC17-0D36D0296C8D}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{55DB983C-BDBF-426f-86F0-187B02DDA39B}
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}\InprocServer32
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VQUDNPEP.DLL
HKLM\Software\Classes\CLSID\{D651AFF4-9590-424d-BD1E-8E33E090DFB3}
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}\InprocServer32
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\RIVOKHKN.DLL
HKLM\Software\Classes\CLSID\{E2EE5C44-C66D-499d-BEAE-A2A79189A63A}
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}\InprocServer32
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\BFIAHUKW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{252694CE-4D3D-430E-AC17-0D36D0296C8D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55DB983C-BDBF-426f-86F0-187B02DDA39B}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\pmnnn
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{338DA9F8-3260-41FC-A66B-19B525185D1A}
HKCR\CLSID\{338DA9F8-3260-41FC-A66B-19B525185D1A}
HKCR\CLSID\{338DA9F8-3260-41FC-A66B-19B525185D1A}\InprocServer32
HKCR\CLSID\{338DA9F8-3260-41FC-A66B-19B525185D1A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JKKKHGH.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{338DA9F8-3260-41FC-A66B-19B525185D1A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{338DA9F8-3260-41FC-A66B-19B525185D1A}
HKCR\CLSID\{338DA9F8-3260-41FC-A66B-19B525185D1A}
Trojan.WinFixer
HKLM\Software\Classes\CLSID\{F83CCFF7-7356-400E-AC38-D7220B404DEC}
HKCR\CLSID\{F83CCFF7-7356-400E-AC38-D7220B404DEC}
HKCR\CLSID\{F83CCFF7-7356-400E-AC38-D7220B404DEC}\InprocServer32
HKCR\CLSID\{F83CCFF7-7356-400E-AC38-D7220B404DEC}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VTSQR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F83CCFF7-7356-400E-AC38-D7220B404DEC}
Adware.Tracking Cookie
Trojan.Downloader-SpyTool
C:\WINDOWS\SYSTEM32\XDYYFWRB.DLL