HijackThis log help
cerius
16 May 2006, 08:29pm
Please help me with my log. The HijackThis program would run for about 5 seconds then shut down, and when I finally got it to save the file, the text document shut down too. Anyway, here is my log.
(I updated all my Ad-Aware and Spybot Search and Destroy today right before I scanned it with HijackThis.)
Logfile of HijackThis v1.99.1
Scan saved at 12:25:52 PM, on 5/16/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\uyfshwadws\csrss.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\uyfshwadws\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\cerius2\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virushelpzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
F3 - REG:win.ini: load=C:\WINDOWS\System32\uyfshwadws\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\uyfshwadws\csrss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E1117B91A975760EA83FA5EF80752B94E3D87B5F7E422A3EC3 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\System32\LVComS.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145581720309
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - http://rockstar.messenger.msn.com/rockstar.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{05827F95-42C4-4A00-9F8B-59DEF80887F8}: NameServer = 68.87.69.146,68.87.85.98
O18 - Protocol: bw+0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
Shaba
17 May 2006, 07:47am
Hi cerius :wave:
You have the so-called MSN virus.
Please follow these instructions carefully ->
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item9
After that, please post the contents of C:\msnvirrem.log along with a fresh HijackThis log.
We'll continue then :)
cerius
17 May 2006, 08:04am
OK cool, it is was this thing that caused my Norton firewall to go down, and is this a sign that my ex-gf hacked my computer? And if so, how would I go about not letting her do this again?
Here are my logs:
MsnVirRem Log by Skate_Punk_21
5/16/2006
11:55:59 PM
---Infection Files Found---
C:\WINDOWS\System32\aezaojlz\csrss.exe
C:\WINDOWS\System32\aezaojlz\smss.exe
C:\WINDOWS\System32\aezaojlz\csrss.ini
C:\WINDOWS\System32\bajbnayf\smss.exe
C:\WINDOWS\System32\bajbnayf\csrss.ini
C:\WINDOWS\System32\brqqvf\smss.exe
C:\WINDOWS\System32\brqqvf\csrss.ini
C:\WINDOWS\System32\btccxo\smss.exe
C:\WINDOWS\System32\btccxo\csrss.ini
C:\WINDOWS\System32\bzseswdit\smss.exe
C:\WINDOWS\System32\bzseswdit\csrss.ini
C:\WINDOWS\System32\cmkvwybdm\smss.exe
C:\WINDOWS\System32\cmkvwybdm\csrss.ini
C:\WINDOWS\System32\cttgbg\smss.exe
C:\WINDOWS\System32\cttgbg\csrss.ini
C:\WINDOWS\System32\dawakzb\smss.exe
C:\WINDOWS\System32\dawakzb\csrss.ini
C:\WINDOWS\System32\exgwzhc\smss.exe
C:\WINDOWS\System32\exgwzhc\csrss.ini
C:\WINDOWS\System32\fkaysfcmzz\smss.exe
C:\WINDOWS\System32\fkaysfcmzz\csrss.ini
C:\WINDOWS\System32\gmzhvbvq\smss.exe
C:\WINDOWS\System32\gmzhvbvq\csrss.ini
C:\WINDOWS\System32\gruulx\smss.exe
C:\WINDOWS\System32\gruulx\csrss.ini
C:\WINDOWS\System32\gvxqnuc\smss.exe
C:\WINDOWS\System32\gvxqnuc\csrss.ini
C:\WINDOWS\System32\iouznv\smss.exe
C:\WINDOWS\System32\iouznv\csrss.ini
C:\WINDOWS\System32\ipjtmbbaci\smss.exe
C:\WINDOWS\System32\ipjtmbbaci\csrss.ini
C:\WINDOWS\System32\ixszbny\smss.exe
C:\WINDOWS\System32\ixszbny\csrss.ini
C:\WINDOWS\System32\jhevwan\smss.exe
C:\WINDOWS\System32\jhevwan\csrss.ini
C:\WINDOWS\System32\jonishlw\smss.exe
C:\WINDOWS\System32\jonishlw\csrss.ini
C:\WINDOWS\System32\jufgesap\smss.exe
C:\WINDOWS\System32\jufgesap\csrss.ini
C:\WINDOWS\System32\kfmymeaczj\smss.exe
C:\WINDOWS\System32\kfmymeaczj\csrss.ini
C:\WINDOWS\System32\kpumjaaqwh\smss.exe
C:\WINDOWS\System32\kpumjaaqwh\csrss.ini
C:\WINDOWS\System32\kusdhyhtu\smss.exe
C:\WINDOWS\System32\kusdhyhtu\csrss.ini
C:\WINDOWS\System32\lfxbzjp\smss.exe
C:\WINDOWS\System32\lfxbzjp\csrss.ini
C:\WINDOWS\System32\lizltidjl\smss.exe
C:\WINDOWS\System32\lizltidjl\csrss.ini
C:\WINDOWS\System32\lksonl\smss.exe
C:\WINDOWS\System32\lksonl\csrss.ini
C:\WINDOWS\System32\lrfimwco\smss.exe
C:\WINDOWS\System32\lrfimwco\csrss.ini
C:\WINDOWS\System32\mxgvadpgg\smss.exe
C:\WINDOWS\System32\mxgvadpgg\csrss.ini
C:\WINDOWS\System32\njdgpy\smss.exe
C:\WINDOWS\System32\njdgpy\csrss.ini
C:\WINDOWS\System32\njfaiuxi\smss.exe
C:\WINDOWS\System32\njfaiuxi\csrss.ini
C:\WINDOWS\System32\nrlvfxhfa\smss.exe
C:\WINDOWS\System32\nrlvfxhfa\csrss.ini
C:\WINDOWS\System32\nzkbild\smss.exe
C:\WINDOWS\System32\nzkbild\csrss.ini
C:\WINDOWS\System32\oqpmip\smss.exe
C:\WINDOWS\System32\oqpmip\csrss.ini
C:\WINDOWS\System32\pxhnnyfdcj\smss.exe
C:\WINDOWS\System32\pxhnnyfdcj\csrss.ini
C:\WINDOWS\System32\qcrngpuzv\smss.exe
C:\WINDOWS\System32\qcrngpuzv\csrss.ini
C:\WINDOWS\System32\rbumohcvxj\smss.exe
C:\WINDOWS\System32\rbumohcvxj\csrss.ini
C:\WINDOWS\System32\rjzlboykb\smss.exe
C:\WINDOWS\System32\rjzlboykb\csrss.ini
C:\WINDOWS\System32\sbljhqfw\smss.exe
C:\WINDOWS\System32\sbljhqfw\csrss.ini
C:\WINDOWS\System32\shbmcz\smss.exe
C:\WINDOWS\System32\shbmcz\csrss.ini
C:\WINDOWS\System32\snslhcnv\smss.exe
C:\WINDOWS\System32\snslhcnv\csrss.ini
C:\WINDOWS\System32\ssoxbmfhi\smss.exe
C:\WINDOWS\System32\ssoxbmfhi\csrss.ini
C:\WINDOWS\System32\tnhewyb\smss.exe
C:\WINDOWS\System32\tnhewyb\csrss.ini
C:\WINDOWS\System32\ubvebcttt\smss.exe
C:\WINDOWS\System32\ubvebcttt\csrss.ini
C:\WINDOWS\System32\uwtfhh\smss.exe
C:\WINDOWS\System32\uwtfhh\csrss.ini
C:\WINDOWS\System32\uyfshwadws\smss.exe
C:\WINDOWS\System32\uyfshwadws\csrss.ini
C:\WINDOWS\System32\uzemsacbl\smss.exe
C:\WINDOWS\System32\uzemsacbl\csrss.ini
C:\WINDOWS\System32\wobdvmhv\smss.exe
C:\WINDOWS\System32\wobdvmhv\csrss.ini
C:\WINDOWS\System32\wpxqizt\smss.exe
C:\WINDOWS\System32\wpxqizt\csrss.ini
C:\WINDOWS\System32\xbpexw\smss.exe
C:\WINDOWS\System32\xbpexw\csrss.ini
C:\Documents and Settings\cerius2\Start Menu\Programs\Startup\csrss.lnk
C:\WINDOWS\System32\taskkill.com
C:\WINDOWS\System32\netstat.com
Rebooting...
Fixing Registry Permissions...
Editing Registry...
Fixing Host File...
**Fix Complete!**
Logfile of HijackThis v1.99.1
Scan saved at 12:03:37 AM, on 5/17/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ymsgr auto update.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\cerius2\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E1117B91A975760EA83FA5EF80752B94E3D87B5F7E422A3EC3 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\System32\LVComS.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MsnVirRem.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145581720309
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - http://rockstar.messenger.msn.com/rockstar.cab
O18 - Protocol: bw+0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
thank you for all your help in advance.
Shaba
17 May 2006, 08:45am
I don't think your ex-gf did this :)
First move HjT into its own folder -> c:\hjt
Then open HijackThis, click do a system scan only and checkmark these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E1117B91A975760EA83FA5EF80752B94E3 D87B5F7E422A3EC3 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
Close all windows, including browser and press fix checked.
Please download ewido anti-malware; it is a free version of the program -> http://www.ewido.net/en/download/
1. Install ewido security suite
2. When installing, under "Additional Options" uncheck..
* Install background guard
* Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates -> http://www.ewido.net/en/download/updates/
Once the updates are installed do the following:
Reboot your computer in SafeMode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Delete if found:
c:\program files\seekmo
Then launch ewido:
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.
Reboot back to normal mode
Send ewido report and a fresh HjT log
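Added example, not part of the original posts and not HijackThis's own logic: a short Python pass over lines in the HijackThis format used in this thread, flagging a few entry types that usually deserve a manual look. The heuristics, the function names and the assumption that Windows is installed in C:\WINDOWS are this example's own; the sample lines are copied from the logs posted in this thread.

```python
import re
from ntpath import basename, dirname, normpath

# Core Windows process names that normally run only from System32.
# (explorer.exe lives in C:\WINDOWS itself, so it is deliberately not listed.)
CORE_PROCS = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"   # assumption: default install location

# "O2 - BHO: ..." -> section code + body
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Any drive-letter path ending in an executable-type extension (spaces allowed).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll|ocx)\b', re.I)

MASQUERADE = "core process name outside System32"
INI_AUTOSTART = "autostart via ini load=/run= entry"
BHO_ABSENT = "BHO registered but its file is absent"
REGEDIT_OFF = "Registry Editor disabled by policy"


def masquerading(path):
    """True when a core Windows process name sits outside System32."""
    p = normpath(path).lower()
    return basename(p) in CORE_PROCS and dirname(p) != SYSTEM32


def reasons_for(line):
    """Return the list of review reasons for one log line (empty if none)."""
    reasons = []
    # Applies to the "Running processes" list and to paths inside entries.
    if any(masquerading(p) for p in PATH_RE.findall(line)):
        reasons.append(MASQUERADE)
    m = ENTRY_RE.match(line)
    if m:
        code, body = m.group("code"), m.group("body")
        if code.startswith("F") and re.search(r"\b(load|run)=\S", body):
            reasons.append(INI_AUTOSTART)
        if code == "O2" and re.search(r"\((file missing|no file)\)\s*$", body):
            reasons.append(BHO_ABSENT)
        if code == "O7" and "DisableRegedit=1" in body:
            reasons.append(REGEDIT_OFF)
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for every line that needs a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = reasons_for(line)
        if reasons:
            findings.append((line, reasons))
    return findings


# Sample input: lines copied from the two logs posted in this thread.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\uyfshwadws\csrss.exe
C:\WINDOWS\System32\uyfshwadws\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
F3 - REG:win.ini: load=C:\WINDOWS\System32\uyfshwadws\csrss.exe
O2 - BHO: (no name) - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE):
        print("; ".join(reasons))
        print("    " + line)
```

A hit is a prompt for manual review of that entry, not a verdict on it.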
cerius
17 May 2006, 09:35pm
nice program by the way I like it, anyway here are the logs again:
Logfile of HijackThis v1.99.1
Scan saved at 1:33:14 PM, on 5/17/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ymsgr auto update.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\jht\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
F3 - REG:win.ini: load=C:\WINDOWS\System32\uyfshwadws\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\uyfshwadws\csrss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\System32\LVComS.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145581720309
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - http://rockstar.messenger.msn.com/rockstar.cab
O18 - Protocol: bw+0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {AE75AA28-4B08-41D3-A3C0-25CDCE70B859} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
cerius
17 May 2006, 09:36pm
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 1:28:54 PM, 5/17/2006
+ Report-Checksum: A8C2515A
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87} -> Downloader.Fugif : Cleaned with backup
HKLM\SOFTWARE\Classes\dlIfile -> Adware.AcidReign : Cleaned with backup
HKLM\SOFTWARE\Classes\dlIfile\shell -> Adware.AcidReign : Cleaned with backup
HKLM\SOFTWARE\Classes\dlIfile\shell\open -> Adware.AcidReign : Cleaned with backup
HKLM\SOFTWARE\Classes\dlIfile\shell\open\command -> Adware.AcidReign : Cleaned with backup
HKLM\SOFTWARE\IST -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\PerfectNav\BHO -> Adware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\PerfectNav\BHO\HomePage -> Adware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\PerfectNav\BHO\RedirectURLS -> Adware.KeenValue : Cleaned with backup
:mozilla.6:C:\Documents and Settings\cerius2\Application Data\Phoenix\Profiles\default\qm0242bs.slt\cookies.txt ->
cerius
17 May 2006, 09:37pm