
spyware or virus problems

Discussion in 'Malware and Virus Removal Archive' started by swiss, 2007/10/26.

  1. 2007/10/26
    swiss

    swiss Inactive Thread Starter

    Joined:
    2007/10/26
    Messages:
    7
    Likes Received:
    0
    Hello, I have lost the control panel, register editing, task manager, and I do not know what else. I have XoftSpy spyware remover but it does not work. Here is my HijackThis log. Any help would be greatly appreciated. Thank you, swiss

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\TEMP\win2F39.tmp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\mgrs.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\stfuhqjt.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
    C:\Program Files\RegistrySmart\RegistrySmart.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Mark\Desktop\HijackThis.exe

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [crmpotwh] rundll32.exe "C:\Program Files\itqfwvan\wlajwrqf.dll",Init
    O4 - HKLM\..\Run: [pmvalmtk] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pmvalmtk.dll"
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2F39.tmp.exe
    O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [24d4a8fe] rundll32.exe "C:\WINDOWS\system32\ewibcwqj.dll",b
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ASKS~1\attrib.exe" -vt yazb
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A982621F-51B0-4E39-83B1-C4E74975171B}: NameServer = 68.28.146.92 68.28.154.92
    O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\stfuhqjt.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
     
  2. 2007/10/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi swiss

    Please post the header of HJT, we need to make sure you are using the latest version.

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    Please post the Combofix log and a new HJT log.

    Thanks
    Geri
     

  4. 2007/10/29
    swiss

    swiss Inactive Thread Starter

    Joined:
    2007/10/26
    Messages:
    7
    Likes Received:
    0
    Thank you very much Geri for your help. Here are the 2 logs.
    Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-29 )))))))))))))))))))))))))))))))
    .

    2007-10-29 16:03 32,256 --a------ C:\WINDOWS\system32\ljjhijg.dll
    2007-10-29 15:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-25 16:40 <DIR> d-------- C:\WINDOWS\Sun
    2007-10-25 16:15 11,776 --a------ C:\WINDOWS\mgrs.exe
    2007-10-24 08:26 <DIR> d-------- C:\Program Files\E404 Helper
    2007-10-24 08:13 84,544 --a------ C:\WINDOWS\system32\ewibcwqj.dll
    2007-10-24 08:08 75,328 --a------ C:\WINDOWS\system32\mhshrtsg.exe
    2007-10-24 08:01 77,376 --a------ C:\WINDOWS\system32\xrrysjru.dll
    2007-10-22 21:04 <DIR> d-------- C:\Documents and Settings\Mark\Shared
    2007-10-22 21:04 <DIR> d-------- C:\Documents and Settings\Mark\Incomplete
    2007-10-22 20:59 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\LimeWire
    2007-10-22 20:34 <DIR> d-------- C:\Program Files\Java
    2007-10-22 20:27 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-10-22 19:17 75,328 --a------ C:\WINDOWS\system32\jrpiumli.exe
    2007-10-22 19:16 75,328 --a------ C:\WINDOWS\system32\jgpheywx.exe
    2007-10-22 19:01 86,080 --a------ C:\WINDOWS\system32\sbkewkev.dll
    2007-10-22 18:55 75,328 --a------ C:\WINDOWS\system32\satbjxuj.exe
    2007-10-22 18:39 75,328 --a------ C:\WINDOWS\system32\rqtpasfy.exe
    2007-10-22 18:33 144,696 --a------ C:\Program Files\ucleaner_setup.exe
    2007-10-22 18:28 86,080 --a------ C:\WINDOWS\system32\mloauvgy.dll
    2007-10-22 18:27 75,328 --a------ C:\WINDOWS\system32\oiibufbw.exe
    2007-10-21 16:27 83,008 --a------ C:\WINDOWS\system32\yyofgjxj.dll
    2007-10-21 16:24 75,328 --a------ C:\WINDOWS\system32\predfnuw.exe
    2007-10-21 16:21 77,376 --a------ C:\WINDOWS\system32\sjgauyky.dll
    2007-10-21 11:51 75,328 --a------ C:\WINDOWS\system32\cyilytfq.exe
    2007-10-21 11:26 28,679 --------- C:\Program Files\c_setup.exe
    2007-10-21 11:21 <DIR> d-------- C:\Program Files\Adsense Helper Object
    2007-10-21 11:21 14,900 --a------ C:\Program Files\3269.exe
    2007-10-19 21:12 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-10-16 21:34 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-10-16 14:50 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
    2007-10-16 14:50 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2007-10-16 14:50 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2007-10-10 17:52 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\RegistrySmart
    2007-10-10 17:49 <DIR> d-------- C:\Program Files\RegistrySmart
    2007-10-10 17:04 <DIR> d-------- C:\Program Files\VideoAccessCodec
    2007-10-10 14:49 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-10-10 13:33 5,248 --a------ C:\WINDOWS\system32\giveio.sys
    2007-10-10 10:56 75,328 --a------ C:\WINDOWS\system32\fksvojdv.exe
    2007-10-10 10:03 198,437 --a------ C:\Pass2.cmd
    2007-10-10 09:54 84,544 --a------ C:\WINDOWS\system32\pjspojgc.dll
    2007-10-10 09:54 2,100 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-10 09:52 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-10-10 09:52 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-10-10 09:52 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-10 09:52 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-10 09:52 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-10 09:51 80,448 --a------ C:\WINDOWS\system32\duachjap.dll
    2007-10-10 09:48 75,328 --a------ C:\WINDOWS\system32\ukvtstgm.exe
    2007-10-09 19:27 79,424 --a------ C:\WINDOWS\system32\yeqvbipp.dll
    2007-10-09 19:24 75,328 --a------ C:\WINDOWS\system32\qdkyfomm.exe
    2007-10-08 21:23 77,376 --a------ C:\WINDOWS\system32\phohhpfn.dll
    2007-10-08 21:16 75,328 --a------ C:\WINDOWS\system32\mgmvrjki.exe
    2007-10-08 20:59 77,376 --a------ C:\WINDOWS\system32\htyjahdy.dll
    2007-10-08 20:52 75,328 --a------ C:\WINDOWS\system32\mxkjboto.exe
    2007-10-08 19:36 83,520 --a------ C:\WINDOWS\system32\cawxhifb.dll
    2007-10-08 19:32 75,328 --a------ C:\WINDOWS\system32\xxcfwdet.exe
    2007-10-08 19:31 75,328 --a------ C:\WINDOWS\system32\yfechlyv.exe
    2007-10-08 19:23 2,013,440 ---hs---- C:\WINDOWS\system32\vxycf.ini2
    2007-10-08 17:17 83,520 --a------ C:\WINDOWS\system32\korrglhu.dll
    2007-10-08 17:13 77,376 --a------ C:\WINDOWS\system32\dryoxhni.dll
    2007-10-08 17:11 75,328 --a------ C:\WINDOWS\system32\pehvjjhg.exe
    2007-10-08 12:44 77,376 --a------ C:\WINDOWS\system32\vbkmtpgg.dll
    2007-10-08 12:37 83,520 --a------ C:\WINDOWS\system32\qfpotdkb.dll
    2007-10-08 12:33 75,328 --a------ C:\WINDOWS\system32\giqecfeg.exe
    2007-10-08 00:38 78,912 --a------ C:\WINDOWS\system32\ggggejnk.dll
    2007-10-08 00:27 75,328 --a------ C:\WINDOWS\system32\uqueuopl.exe
    2007-10-08 00:26 75,328 --a------ C:\WINDOWS\system32\ivouhghh.exe
    2007-10-07 23:57 79,424 --a------ C:\WINDOWS\system32\ubptsjfc.dll
    2007-10-07 23:55 86,080 --a------ C:\WINDOWS\system32\desjumgs.dll
    2007-10-07 23:45 75,328 --a------ C:\WINDOWS\system32\bvttmhkd.exe
    2007-10-07 23:41 75,328 --a------ C:\WINDOWS\system32\ujxoqcqc.exe
    2007-10-07 23:18 79,424 --a------ C:\WINDOWS\system32\mygebnrh.dll
    2007-10-07 23:15 75,328 --a------ C:\WINDOWS\system32\cfgiymla.exe
    2007-10-07 21:37 35,840 --a------ C:\WINDOWS\system32\ddcdbxw.dll
    2007-10-07 21:30 79,424 --a------ C:\WINDOWS\system32\tgjxyrrr.dll
    2007-10-07 21:25 75,328 --a------ C:\WINDOWS\system32\sxikyhek.exe
    2007-10-07 18:05 75,328 --a------ C:\WINDOWS\system32\uaamtrrn.exe
    2007-10-07 18:01 75,328 --a------ C:\WINDOWS\system32\ibmxyeqo.exe
    2007-10-07 17:46 86,080 --a------ C:\WINDOWS\system32\crcpbcpl.dll
    2007-10-07 17:37 79,424 --a------ C:\WINDOWS\system32\cjpavvhy.dll
    2007-10-07 17:32 75,328 --a------ C:\WINDOWS\system32\nrvbetvm.exe
    2007-10-07 17:30 9,728 --a------ C:\Program Files\hlpsrv.exe
    2007-10-07 16:58 75,328 --a------ C:\WINDOWS\system32\ielscply.exe
    2007-10-07 16:38 75,328 --a------ C:\WINDOWS\system32\uvujukgj.exe
    2007-10-07 16:32 75,328 --a------ C:\WINDOWS\system32\sijobbqw.exe
    2007-10-07 16:03 <DIR> d-------- C:\Program Files\XoftSpySE
    2007-10-07 15:28 75,328 --a------ C:\WINDOWS\system32\pltmguxw.exe
    2007-10-07 15:24 75,328 --a------ C:\WINDOWS\system32\aedjiqtk.exe
    2007-10-07 15:18 75,328 --a------ C:\WINDOWS\system32\xtbhnmlr.exe
    2007-10-07 14:18 75,328 --a------ C:\WINDOWS\system32\yfvnfcdh.exe
    2007-10-07 14:16 75,328 --a------ C:\WINDOWS\system32\kvfblxpq.exe
    2007-10-07 13:57 75,328 --a------ C:\WINDOWS\system32\hfkpyser.exe
    2007-10-07 13:10 75,328 --a------ C:\WINDOWS\system32\deiuklps.exe
    2007-10-07 12:16 75,328 --a------ C:\WINDOWS\system32\mdkfrtbe.exe
    2007-10-07 11:15 75,328 --a------ C:\WINDOWS\system32\sboswicf.exe
    2007-10-07 11:08 75,328 --a------ C:\WINDOWS\system32\fndytdax.exe
    2007-10-07 10:06 75,328 --a------ C:\WINDOWS\system32\pwbrmmqf.exe
    2007-10-07 09:56 75,328 --a------ C:\WINDOWS\system32\befrjkqw.exe
    2007-10-07 09:07 75,328 --a------ C:\WINDOWS\system32\vjedenfv.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-28 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-10-24 12:05 642,765 --sh--w C:\WINDOWS\system32\vxycf.bak2
    2007-10-22 23:17 638,931 --sh--w C:\WINDOWS\system32\vxycf.bak1
    2007-10-22 01:49 --------- d-----w C:\Documents and Settings\Mark\Application Data\uTorrent
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
    2007-10-21 11:21 26112 --a------ C:\Program Files\Adsense Helper Object\aho.v5.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94E21A33-CA98-4FA9-AF88-CFA4934DFB41}]
    2007-08-28 17:11 298080 --a------ C:\WINDOWS\system32\fcyxv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}]
    2007-08-11 19:33 31254 --a------ C:\WINDOWS\system32\qomjghg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
    2007-10-24 08:26 15872 --a------ C:\Program Files\E404 Helper\e404.v1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-09 22:20]
    "RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-08-07 15:59]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "24d4a8fe"="C:\WINDOWS\system32\ewibcwqj.dll" [2007-10-24 08:13]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
    "Sen"="C:\WINDOWS\ASKS~1\attrib.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-13 12:14:59]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-12-13 15:28:04]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}"= C:\WINDOWS\system32\qomjghg.dll [2007-08-11 19:33 31254]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
    antiwpa.dll 2005-09-18 02:32 5376 C:\WINDOWS\system32\antiwpa.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcyxv]
    C:\WINDOWS\system32\fcyxv.dll 2007-08-28 17:11 298080 C:\WINDOWS\system32\fcyxv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjghg]
    qomjghg.dll 2007-08-11 19:33 31254 C:\WINDOWS\system32\qomjghg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winqlq32]
    winqlq32.dll 2007-08-11 19:33 23552 C:\WINDOWS\system32\winqlq32.dll


    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-29 21:14:19 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    "2007-10-29 21:04:41 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    "2007-10-07 20:04:21 C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-29 17:25:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-29 17:43:26 - machine was rebooted
    .
    --- E O F ---
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 5:45:44 PM, on 10/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\stfuhqjt.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\RegistrySmart\RegistrySmart.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Mark\Desktop\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v5.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {94E21A33-CA98-4FA9-AF88-CFA4934DFB41} - C:\WINDOWS\system32\fcyxv.dll
    O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\qomjghg.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [24d4a8fe] rundll32.exe "C:\WINDOWS\system32\ewibcwqj.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ASKS~1\attrib.exe" -vt yazb
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O20 - Winlogon Notify: fcyxv - C:\WINDOWS\system32\fcyxv.dll
    O20 - Winlogon Notify: qomjghg - C:\WINDOWS\SYSTEM32\qomjghg.dll
    O20 - Winlogon Notify: winqlq32 - C:\WINDOWS\SYSTEM32\winqlq32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\stfuhqjt.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

    --
    End of file - 4824 bytes
     
  5. 2007/10/29
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi swiss

    OK WOW.
    First thing, when you post a log you need to post the whole log, do not leave anything out.

    Please repost the Combofix log, we need to make sure everything is seen.

    Delete the HJT program you have from your add/remove list and download and install this one, following all directions.

    Download a copy of HijackThis installer from here and save it to your Desktop.

    1. Save HJTInstall.exe to your desktop.
    2. Double-click on the HJTInstall.exe icon on your desktop.
      (Let it install to the default location C:\Program Files\Hijackthis)
    3. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    4. Put a check by Create a desktop icon and then click Next again.
    5. Continue to follow the rest of the prompts from there.
    6. At the final dialogue box click Finish and it will launch HijackThis.
    7. Click on the Do a system scan and save a log file button.
      (It will scan and the log should open in Notepad.)
    8. Click on "Edit" > "Select All" to highlight the entire Notepad contents.
    9. Then click on "Edit" > "Copy".
    10. Come back here to this thread and Paste the log in your next reply.
      (Right-click in the message body field and select "Paste".)
    CAUTION: DO NOT have HijackThis "fix" anything without carefully following expert guidance. Otherwise, you might render your computer unstable or even unbootable. Most of what HijackThis finds will be harmless or even required.


    Thanks
    Geri
     
  6. 2007/10/29
    swiss

    swiss Inactive Thread Starter

    Joined:
    2007/10/26
    Messages:
    7
    Likes Received:
    0
    RE:spyware or virus problem

    Hopefully I got it right this time.
    ComboFix 07-10-29.1** - Mark 2007-10-29 21:55:40.2 - NTFSx86
    Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\SecCenter
    C:\Program Files\ucleaner_setup.exe
    C:\Program Files\VideoAccessCodec
    C:\WINDOWS\asks~1
    C:\WINDOWS\asks~1\?asks\
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\mgrs.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_DRIVER
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
    .

    2007-10-29 21:48 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-29 16:03 32,256 --a------ C:\WINDOWS\system32\ljjhijg.dll
    2007-10-29 15:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-25 16:40 <DIR> d-------- C:\WINDOWS\Sun
    2007-10-24 08:26 <DIR> d-------- C:\Program Files\E404 Helper
    2007-10-22 21:04 <DIR> d-------- C:\Documents and Settings\Mark\Shared
    2007-10-22 21:04 <DIR> d-------- C:\Documents and Settings\Mark\Incomplete
    2007-10-22 20:59 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\LimeWire
    2007-10-22 20:34 <DIR> d-------- C:\Program Files\Java
    2007-10-22 20:27 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-10-21 11:26 28,679 --------- C:\Program Files\c_setup.exe
    2007-10-21 11:21 <DIR> d-------- C:\Program Files\Adsense Helper Object
    2007-10-21 11:21 14,900 --a------ C:\Program Files\3269.exe
    2007-10-19 21:12 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-10-16 21:34 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-10-16 14:50 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
    2007-10-16 14:50 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2007-10-16 14:50 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2007-10-10 17:52 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\RegistrySmart
    2007-10-10 17:49 <DIR> d-------- C:\Program Files\RegistrySmart
    2007-10-10 14:49 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-10-10 13:33 5,248 --a------ C:\WINDOWS\system32\giveio.sys
    2007-10-10 10:03 198,437 --a------ C:\Pass2.cmd
    2007-10-10 09:54 2,100 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-10 09:52 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-10-10 09:52 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-10-10 09:52 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-10 09:52 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-10 09:52 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-07 21:37 35,840 --a------ C:\WINDOWS\system32\ddcdbxw.dll
    2007-10-07 17:30 9,728 --a------ C:\Program Files\hlpsrv.exe
    2007-10-07 16:03 <DIR> d-------- C:\Program Files\XoftSpySE
    2007-09-19 10:50 <DIR> d-------- C:\Program Files\LimeWire
    2007-09-17 20:55 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-09-16 16:55 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2007-09-11 10:26 <DIR> d-------- C:\Program Files\Lavasoft
    2007-09-11 10:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-09-11 10:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-11 01:10 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\vlc
    2007-09-11 01:02 <DIR> d-------- C:\Program Files\VideoLAN
    2007-09-11 00:15 <DIR> d-------- C:\Program Files\uTorrent
    2007-09-11 00:15 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\uTorrent
    2007-09-10 21:21 13,312 --a------ C:\WINDOWS\system32\s2f.exe
    2007-09-07 14:19 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2007-09-05 01:28 <DIR> d-------- C:\Program Files\SharpC
    2007-09-04 09:36 <DIR> d-------- C:\Program Files\Auubzyfj
    2007-09-03 17:45 7,680 --a------ C:\sysbxvt.exe
    2007-09-03 17:44 <DIR> d-------- C:\Program Files\itqfwvan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-29 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-09-11 18:40 --------- d-----w C:\Program Files\QuickTime
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-07-09 13:09 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-29_17.38.24.77 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-03-13 14:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
    2007-10-21 11:21 26112 --a------ C:\Program Files\Adsense Helper Object\aho.v5.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
    2007-10-24 08:26 15872 --a------ C:\Program Files\E404 Helper\e404.v1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"= "C:\Program Files\QuickTime\qttask.exe" [2007-08-09 22:20]
    "RegistrySmart"= "C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-08-07 15:59]
    "SunJavaUpdateSched"= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
    "Sen"= "C:\WINDOWS\ASKS~1\attrib.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-13 12:14:59]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-12-13 15:28:04]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
    antiwpa.dll 2005-09-18 02:32 5376 C:\WINDOWS\system32\antiwpa.dll


    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-30 03:02:37 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    "2007-10-29 21:04:41 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    "2007-10-07 20:04:21 C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-29 22:58:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-29 23:10:07 - machine was rebooted
    C:\ComboFix2.txt ... 2007-10-29 17:43
    .
    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:11:28 PM, on 10/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\RegistrySmart\RegistrySmart.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v5.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ASKS~1\attrib.exe" -vt yazb
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

    --
    End of file - 3882 bytes
     
  7. 2007/10/29
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi swiss
    Ok, much better.

    Please follow these instructions exactly and in the order given.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    Adsense Helper Object
    E404 Helper



    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


    Next.
    Please follow these instructions exactly as given.

    Now download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the "Update now" link.
      • The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen
    6. Now click on "Recommended actions" and then select "Quarantine".
    7. Under "Reports"
      • Select "Do Not Automatically generate reports"
    8. Now click on the Shield icon under the “Resident shield is” click it to show inactive
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Save Reports"
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


    Then Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy and then paste the contents of main.txt and extra.txt in your next reply.


    Please post the Vundo log, the AVG AS log and the dss log.

    Thanks
    Geri
     
    Geri,
    #6
  8. 2007/10/30
    swiss

    swiss Inactive Thread Starter

    Joined:
    2007/10/26
    Messages:
    7
    Likes Received:
    0
    RE:spyware or virus problem

    I ran VundoFix and it did not find any infected files and then it closed. Here is the HJT log. Those programs were not in the Add or Remove Programs. Thanks again Geri.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:41:53 PM, on 10/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v5.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ASKS~1\attrib.exe" -vt yazb
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A982621F-51B0-4E39-83B1-C4E74975171B}: NameServer = 68.28.146.92 68.28.154.92
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

    --
    End of file - 3354 bytes
     
  9. 2007/10/30
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi swiss
    OK Good.

    But I need these posted.

    The AVG AS log and the dss log.

    Thanks
    Geri
     
    Geri,
    #8
  10. 2007/10/31
    swiss

    swiss Inactive Thread Starter

    Joined:
    2007/10/26
    Messages:
    7
    Likes Received:
    0
    RE:spyware or virus problem

    Here is the AVG report. I will post the other log in another post.

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 9:08:23 AM 10/31/2007

    + Scan result:



     
  11. 2007/10/31
    swiss

    RE:spyware or virus problem

    Here is the rest of the AVG report.

    :mozilla.273:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.135:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.136:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.703:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Real : Cleaned.
    :mozilla.688:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.670:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
    :mozilla.178:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.179:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.180:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.181:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.182:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.183:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.184:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.185:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.186:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.187:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.188:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.189:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.190:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.191:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.589:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.590:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.591:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.592:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.593:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.594:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.295:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.296:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.297:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.298:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.89:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.90:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.91:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.92:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.93:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Mark\Cookies\mark@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Mark\Cookies\mark@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Mark\Cookies\mark@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
    :mozilla.693:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.694:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.282:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.284:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.288:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.289:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.290:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.291:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.292:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.293:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.294:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.130:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.131:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.132:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.133:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.667:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
    :mozilla.668:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
    :mozilla.251:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Mark\Cookies\mark@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.411:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\Mark\Cookies\mark@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
    C:\Documents and Settings\Mark\Cookies\mark@yadro[3].txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.113:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.114:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.115:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.121:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.122:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.123:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.149:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.150:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.151:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.152:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.153:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.154:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\nycoyj08.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    C:\sysbxvt.exe -> Trojan.Obfuscated.ho : Cleaned.
    C:\Program Files\itqfwvan\wlajwrqf.dll -> Trojan.Obfuscated.hy : Cleaned.
    C:\System Volume Information\_restore{7E4B525D-2BB3-45CC-AE87-5E2997EB30F1}\RP52\A0052351.sys -> Trojan.Tibs.ap : Cleaned.
    C:\System Volume Information\_restore{7E4B525D-2BB3-45CC-AE87-5E2997EB30F1}\RP52\A0052372.sys -> Trojan.Tibs.ap : Cleaned.
    C:\System Volume Information\_restore{7E4B525D-2BB3-45CC-AE87-5E2997EB30F1}\RP52\A0053373.sys -> Trojan.Tibs.ap : Cleaned.
    C:\System Volume Information\_restore{7E4B525D-2BB3-45CC-AE87-5E2997EB30F1}\RP54\A0064494.sys -> Trojan.Tibs.ap : Cleaned.
    C:\System Volume Information\_restore{7E4B525D-2BB3-45CC-AE87-5E2997EB30F1}\RP52\A0052366.exe -> Worm.Zhelatin.kl : Cleaned.
    C:\System Volume Information\_restore{7E4B525D-2BB3-45CC-AE87-5E2997EB30F1}\RP52\A0052367.exe -> Worm.Zhelatin.kl : Cleaned.


    ::Report end
     
  12. 2007/10/31
    swiss

    RE: spyware or virus problem

    Deckard's System Scanner v20071014.68
    Run by Mark on 2007-10-31 09:25:05
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    27: 2007-10-31 13:26:10 UTC - RP70 - Deckard's System Scanner Restore Point
    26: 2007-10-30 18:33:16 UTC - RP69 - Software Distribution Service 3.0
    25: 2007-10-30 03:40:26 UTC - RP68 - Removed Jasc Paint Shop Photo Album
    24: 2007-10-30 03:33:11 UTC - RP67 - Removed Jasc Paint Shop Pro 8 Dell Edition
    23: 2007-10-30 03:30:39 UTC - RP66 - Removed RegistrySmart


    -- First Restore Point --
    1: 2007-09-27 14:38:45 UTC - RP44 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 128 MiB (512 MiB recommended).


    -- HijackThis (run as Mark.exe) ------------------------------------------------

    logfile has no content; running clone.
    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-10-31 09:29:34
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Mark\Desktop\dss.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v5.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ASKS~1\attrib.exe" -vt yazb
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\system32\antiwpa.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe


    --
    End of file - 3418 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S3 catchme - c:\docume~1\mark\locals~1\temp\catchme.sys (file missing)
    S3 giveio - c:\windows\system32\giveio.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Pantech Utility Service - c:\program files\sprint\pantech\sprint mobile broadband (pantech)\pwiutilityservice.exe <Not Verified; Sprint Spectrum, L.L.C; Sprint Mobile Broadband for Pantech>

    S2 ScsiAccess -


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
    Description: NT Apm/Legacy Interface Node
    Device ID: ROOT\NTAPM\0000
    Manufacturer: Microsoft
    Name: NT Apm/Legacy Interface Node
    PNP Device ID: ROOT\NTAPM\0000
    Service: NtApm

    Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
    Description: NEC PCI to USB Open Host Controller
    Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_A50019CD&REV_43\3&118AC728&0&0159
    Manufacturer: NEC
    Name: NEC PCI to USB Open Host Controller
    PNP Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_A50019CD&REV_43\3&118AC728&0&0159
    Service: usbohci


    -- Scheduled Tasks -------------------------------------------------------------

    2007-10-31 09:11:49 446 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
    2007-10-29 23:02:37 424 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
    2007-10-07 16:04:21 360 --a------ C:\WINDOWS\Tasks\XoftSpySE.job


    -- Files created between 2007-09-30 and 2007-10-31 -----------------------------

    2007-10-30 20:57:02 0 d-------- C:\Documents and Settings\Mark\Application Data\Grisoft
    2007-10-30 20:55:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-30 20:21:50 0 d-------- C:\VundoFix Backups
    2007-10-29 21:48:04 0 d-------- C:\Program Files\Trend Micro
    2007-10-29 16:03:16 32256 --a------ C:\WINDOWS\system32\ljjhijg.dll
    2007-10-25 16:40:35 0 d-------- C:\WINDOWS\Sun
    2007-10-25 16:40:31 0 d-------- C:\Documents and Settings\Mark\Application Data\Sun
    2007-10-24 08:26:48 0 d-------- C:\Program Files\E404 Helper
    2007-10-22 21:04:26 0 d-------- C:\Documents and Settings\Mark\Shared
    2007-10-22 21:04:19 0 d-------- C:\Documents and Settings\Mark\Incomplete
    2007-10-22 20:59:35 0 d-------- C:\Documents and Settings\Mark\Application Data\LimeWire
    2007-10-22 20:34:51 0 d-------- C:\Program Files\Java
    2007-10-22 20:27:50 0 d-------- C:\Program Files\Common Files\Java
    2007-10-21 11:21:21 0 d-------- C:\Program Files\Adsense Helper Object
    2007-10-21 11:21:14 14900 --a------ C:\Program Files\3269.exe
    2007-10-19 21:12:42 0 d-------- C:\Program Files\MSXML 4.0
    2007-10-16 21:34:37 0 d-------- C:\WINDOWS\system32\PreInstall
    2007-10-10 17:52:02 0 d-------- C:\Documents and Settings\Mark\Application Data\RegistrySmart
    2007-10-10 17:49:07 0 d-------- C:\Program Files\RegistrySmart
    2007-10-10 14:49:00 0 d-------- C:\WINDOWS\ERUNT
    2007-10-10 13:33:20 5248 --a------ C:\WINDOWS\system32\giveio.sys
    2007-10-10 10:03:01 198437 --a------ C:\Pass2.cmd
    2007-10-10 09:54:39 2100 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-10 09:52:59 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-10 09:52:59 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-10-10 09:52:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-10-10 09:52:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-10-10 09:52:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-07 21:37:24 35840 --a------ C:\WINDOWS\system32\ddcdbxw.dll
    2007-10-07 16:03:26 0 d-------- C:\Program Files\XoftSpySE


    -- Find3M Report ---------------------------------------------------------------

    2007-10-30 14:27:38 0 d-------- C:\Program Files\Google
    2007-10-29 23:36:13 0 d-------- C:\Program Files\Jasc Software Inc
    2007-10-29 23:27:52 0 d-------- C:\Program Files\Common Files
    2007-10-22 20:54:47 1526 --a------ C:\WINDOWS\mozver.dat
    2007-10-21 21:49:28 0 d-------- C:\Documents and Settings\Mark\Application Data\uTorrent
    2007-10-19 21:46:16 0 d-------- C:\Program Files\Messenger
    2007-09-19 11:01:03 0 d-------- C:\Program Files\LimeWire
    2007-09-16 16:55:06 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-09-14 21:27:31 0 d-------- C:\Program Files\Auubzyfj
    2007-09-11 14:40:51 0 d-------- C:\Program Files\QuickTime
    2007-09-11 01:14:09 0 d-------- C:\Documents and Settings\Mark\Application Data\vlc
    2007-09-11 01:02:02 0 d-------- C:\Program Files\VideoLAN
    2007-09-11 00:15:17 0 d-------- C:\Program Files\uTorrent
    2007-09-05 01:28:07 0 d-------- C:\Program Files\SharpC
    2007-09-03 17:44:17 0 d-------- C:\Program Files\itqfwvan
    2007-08-13 12:22:34 0 --a----c- C:\WINDOWS\nsreg.dat
    2007-08-10 10:14:14 0 --a----c- C:\Documents and Settings\Mark\Application Data\dm.ini
    2007-08-10 10:14:14 877 --a------ C:\Documents and Settings\Mark\Application Data\AdobeDLM.log
    2007-08-08 21:22:17 0 -rahs---- C:\MSDOS.SYS
    2007-08-08 21:22:17 0 -rahs---- C:\IO.SYS
    2007-08-08 21:22:17 0 --a------ C:\CONFIG.SYS
    2007-08-08 21:22:17 0 --a------ C:\AUTOEXEC.BAT
    2007-08-08 21:09:38 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-08-08 16:45:06 62 --ahs---- C:\Documents and Settings\Mark\Application Data\desktop.ini


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
    10/21/2007 11:21 AM 26112 --a------ C:\Program Files\Adsense Helper Object\aho.v5.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
    10/24/2007 08:26 AM 15872 --a------ C:\Program Files\E404 Helper\e404.v1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [08/09/2007 10:20 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
    "Sen "= "C:\WINDOWS\ASKS~1\attrib.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [12/13/2003 3:28:04 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
    antiwpa.dll 09/18/2005 02:32 AM 5376 C:\WINDOWS\system32\antiwpa.dll

    *Newly Created Service* - AVGASCLN



    -- End of Deckard's System Scanner: finished at 2007-10-31 09:36:45 ------------

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel Pentium II processor
    Percentage of Memory in Use: 74%
    Physical Memory (total/avail): 127.49 MiB / 32.57 MiB
    Pagefile Memory (total/avail): 307.6 MiB / 101.59 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1941.34 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 7.63 GiB total, 3.33 GiB free.
    D: is CDROM (CDFS)

    \\.\PHYSICALDRIVE0 - IBM-DYLA-28100 - 7.63 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 7.63 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.


    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Mark\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=SWISS
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Mark
    LOGONSERVER=\\SWISS
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 2, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0502
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Mark\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Mark\LOCALS~1\Temp
    USERDOMAIN=SWISS
    USERNAME=Mark
    USERPROFILE=C:\Documents and Settings\Mark
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Mark (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
    aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
    CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    Channel Master --> "C:\Program Files\SharpC\Channel Master\uninstall.exe "
    CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
    Dell Photo Printer 720 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
    ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
    ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
    ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
    ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
    ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
    ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
    ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
    ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
    ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
    HLPIndex --> MsiExec.exe /I{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}
    HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3d001c_339bc5\Setup.exe /APR-REMOVE
    KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
    LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe "
    Microsoft Word 2000 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
    Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
    OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
    PANTECH PC Card Software --> C:\Program Files\Sprint\Pantech PC Card\PTDCUninstall.exe
    PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
    QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
    SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
    Sprint Mobile Broadband (Pantech) --> MsiExec.exe /I{B9E8CAF9-B495-4E8B-89F6-588C2CEF9766}
    VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
    VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type1226 / Error
    Event Submitted/Written: 10/29/2007 11:07:06 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application sed.cfexe, version 0.0.0.0, faulting module sed.cfexe, version 0.0.0.0, fault address 0x000106ac.
    Processing media-specific event for [sed.cfexe!ws!]

    Event Record #/Type1219 / Error
    Event Submitted/Written: 10/29/2007 05:38:39 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application sed.cfexe, version 0.0.0.0, faulting module sed.cfexe, version 0.0.0.0, fault address 0x000106ac.
    Processing media-specific event for [sed.cfexe!ws!]

    Event Record #/Type1200 / Error
    Event Submitted/Written: 10/26/2007 06:03:46 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application firefox.exe, version 1.8.20071.816, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type1199 / Error
    Event Submitted/Written: 10/26/2007 06:03:34 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application firefox.exe, version 1.8.20071.816, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type1198 / Error
    Event Submitted/Written: 10/26/2007 04:51:47 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application firefox.exe, version 1.8.20071.816, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type3762 / Error
    Event Submitted/Written: 10/31/2007 09:15:50 AM
    Event ID/Source: 59 / SideBySide
    Event Description:
    Generate Activation Context failed for C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .

    Event Record #/Type3761 / Error
    Event Submitted/Written: 10/31/2007 09:15:50 AM
    Event ID/Source: 59 / SideBySide
    Event Description:
    Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
    Reference error message: The referenced assembly is not installed on your system.
    .

    Event Record #/Type3760 / Error
    Event Submitted/Written: 10/31/2007 09:15:50 AM
    Event ID/Source: 32 / SideBySide
    Event Description:
    Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

    Event Record #/Type3759 / Error
    Event Submitted/Written: 10/31/2007 09:15:47 AM
    Event ID/Source: 59 / SideBySide
    Event Description:
    Generate Activation Context failed for C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .

    Event Record #/Type3758 / Error
    Event Submitted/Written: 10/31/2007 09:15:47 AM
    Event ID/Source: 59 / SideBySide
    Event Description:
    Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
    Reference error message: The referenced assembly is not installed on your system.
    .



    -- End of Deckard's System Scanner: finished at 2007-10-31 09:36:45 ------------
     
  13. 2007/10/31
    Geri Lifetime Subscription

    Hi swiss

    'There is a file present in your logs that suggests there has been an attempt to by-pass Windows Validation. Since this is a Microsoft Community, we want to make sure we are helping with legitimate copies of Windows. Before we continue, please validate your installation.'

    Please go HERE (Microsoft website) using Internet Explorer (not Firefox or any other browser as they won't work)
    • Click on Windows Validation Assistant
    • Click on the Validate Now button.
    • Be patient while the ActiveX loads, do not click on any links.
    • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
    • Enter your product key then click continue
    • When it says "Validation Complete" please click Continue to return to your previous activity
    • Copy what it says and paste it here.

    Thanks
    Geri
     
