Need help removing spyware
Hello,
I somehow picked up a lot of spyware earlier through a download, and I think I removed most of it in safe mode; however, here is my Silent Runners log file. I would appreciate it if you could let me know how to remove anything else that I haven't removed yet.
Thanks again
__
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"WinUpdate.exe" = "C:\Program Files\Windows\WinUpdate.exe" [file not found]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Steam" = ""c:\program files\valve\steam\steam.exe" -silent" ["Valve Corporation"]
"1511adfa.exe" = "C:\Documents and Settings\Krizz\Local Settings\Application Data\1511adfa.exe" [null data]
"ziwz" = "C:\PROGRA~1\COMMON~1\ziwz\ziwzm.exe" [file not found]
"Sats" = ""C:\DOCUME~1\Krizz\MYDOCU~1\WNSXS~1\mshta.exe" -vt yazr" [file not found]
"zwiz" = "c:\stub_113_4_0_4_0newer.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTSysVol" = "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" ["Creative Technology Ltd"]
"CTDVDDet" = "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" ["Creative Technology Ltd"]
"SBDrvDet" = "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"razer" = "C:\Program Files\Razer\Copperhead\razerhid.exe" [empty string]
"1511adfa.exe" = "C:\WINDOWS\System32\1511adfa.exe" [null data]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{2D21161E-0DA3-41BF-A22A-FC350030C02F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\CyberLink\podetade.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\pmnlm.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software, Karlsbad, Germany"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
INFECTION WARNING! "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" = "*h" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\pmnlm.dll" [null data]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csnvo.exe" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! pmnlm\DLLName = "pmnlm.dll" [null data]
INFECTION WARNING! WB\DLLName = "C:\Program Files\AlienGUIse\fastload.dll" ["Stardock"]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Active Desktop web content:
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "C:\Program Files\InstallShield Installation Information\rylehu.html"
"SubscribedURL" = ""
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"FriendlyName" = ""
"Source" = "C:\Program Files\Windows NT\pojyfise.html"
"SubscribedURL" = ""
Startup items in "Krizz" & "All Users" startup folders:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
I somehow picked up a lot of spyware earlier through a download, and I think I removed most of it in safe mode; however, here is my Silent Runners log file. I would appreciate it if you could let me know how to remove anything else that I haven't removed yet.
Thanks again
__
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"WinUpdate.exe" = "C:\Program Files\Windows\WinUpdate.exe" [file not found]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Steam" = ""c:\program files\valve\steam\steam.exe" -silent" ["Valve Corporation"]
"1511adfa.exe" = "C:\Documents and Settings\Krizz\Local Settings\Application Data\1511adfa.exe" [null data]
"ziwz" = "C:\PROGRA~1\COMMON~1\ziwz\ziwzm.exe" [file not found]
"Sats" = ""C:\DOCUME~1\Krizz\MYDOCU~1\WNSXS~1\mshta.exe" -vt yazr" [file not found]
"zwiz" = "c:\stub_113_4_0_4_0newer.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTSysVol" = "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" ["Creative Technology Ltd"]
"CTDVDDet" = "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" ["Creative Technology Ltd"]
"SBDrvDet" = "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"razer" = "C:\Program Files\Razer\Copperhead\razerhid.exe" [empty string]
"1511adfa.exe" = "C:\WINDOWS\System32\1511adfa.exe" [null data]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{2D21161E-0DA3-41BF-A22A-FC350030C02F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\CyberLink\podetade.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\pmnlm.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software, Karlsbad, Germany"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
INFECTION WARNING! "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" = "*h" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\pmnlm.dll" [null data]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csnvo.exe" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! pmnlm\DLLName = "pmnlm.dll" [null data]
INFECTION WARNING! WB\DLLName = "C:\Program Files\AlienGUIse\fastload.dll" ["Stardock"]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Active Desktop web content:
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "C:\Program Files\InstallShield Installation Information\rylehu.html"
"SubscribedURL" = ""
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"FriendlyName" = ""
"Source" = "C:\Program Files\Windows NT\pojyfise.html"
"SubscribedURL" = ""
Startup items in "Krizz" & "All Users" startup folders:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
__
Logfile of HijackThis v1.99.1
Scan saved at 7:33:19 PM, on 8/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Krizz\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/mothership.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2D21161E-0DA3-41BF-A22A-FC350030C02F} - C:\Program Files\CyberLink\podetade.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\pmnlm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [1511adfa.exe] C:\WINDOWS\System32\1511adfa.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [1511adfa.exe] C:\Documents and Settings\Krizz\Local Settings\Application Data\1511adfa.exe
O4 - HKCU\..\Run: [ziwz] C:\PROGRA~1\COMMON~1\ziwz\ziwzm.exe
O4 - HKCU\..\Run: [Sats] "C:\DOCUME~1\Krizz\MYDOCU~1\WNSXS~1\mshta.exe" -vt yazr
O4 - HKCU\..\Run: [zwiz] c:\stub_113_4_0_4_0newer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com/mothership.aspx
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.asafm.army.mil/terminal/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0137100B-23C3-4526-A1E6-824F4D2731E9}: NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{291E3A82-0676-4B09-B2F9-EB9EEC6C2E8F}: NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3F4A4E1-A8C8-4610-9BAA-7B2D0EF97D6C}: NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{0137100B-23C3-4526-A1E6-824F4D2731E9}: NameServer = 85.255.114.46,85.255.112.210
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\SYSTEM32\pmnlm.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi307037.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rzaqsxz.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe" -service (file missing)
Download ewido anti-malware from http://www.grisoft.cz/softw/70/filedir/inst/ewido-setup_4.0.0.172c.exe. Update it, then run a complete system scan. Save the scan report as a log file and post it here.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
O4 - HKLM\..\Run: [1511adfa.exe] C:\WINDOWS\System32\1511adfa.exe
O4 - HKCU\..\Run: [1511adfa.exe] C:\Documents and Settings\Krizz\Local Settings\Application Data\1511adfa.exe
O4 - HKCU\..\Run: [ziwz] C:\PROGRA~1\COMMON~1\ziwz\ziwzm.exe
O4 - HKCU\..\Run: [zwiz] c:\stub_113_4_0_4_0newer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rzaqsxz.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe" -service (file missing)
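Fix these entries in HijackThis (HJT): tick each one, click "Fix checked", then post a new log. This list does not include the pmnlm.dll entries (O2 BHO and O20 Winlogon Notify) or the O17 NameServer entries shown in the log above, so expect those to still be present in the new log. The ewido report in this thread identifies pmnlm.dll as Adware.Virtumonde, and the O17 lines set every listed adapter to the same two DNS servers, which should be checked against what the ISP or router actually assigns.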
____
ewido anti-spyware - Scan Report
+ Created at: 8:35:08 PM 8/5/2006
+ Scan result:
C:\WINDOWS\thiselt.exe -> Adware.Agent : Cleaned with backup (quarantined).
[1292] C:\WINDOWS\thiselt.exe -> Adware.Agent : Error during cleaning.
[2624] C:\Program Files\Azureus\wUninstall.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\S3Jpeno\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\S3Jpeno\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
HKU\S-1-5-21-789336058-1682526488-839522115-1004\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-789336058-1682526488-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-789336058-1682526488-839522115-1004\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\WINDOWS\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
[1120] C:\Program Files\NewDotNet\newdotnet6_38.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
[1220] C:\Program Files\NewDotNet\newdotnet6_38.dll -> Adware.NewDotNet : Error during cleaning.
[1360] C:\Program Files\NewDotNet\newdotnet6_38.dll -> Adware.NewDotNet : Error during cleaning.
[1392] C:\Program Files\NewDotNet\newdotnet6_38.dll -> Adware.NewDotNet : Error during cleaning.
[1636] C:\Program Files\NewDotNet\newdotnet6_38.dll -> Adware.NewDotNet : Error during cleaning.
[1672] C:\Program Files\NewDotNet\newdotnet6_38.dll -> Adware.NewDotNet : Error during cleaning.
[220] C:\Program Files\NewDotNet\newdotnet6_38.dll -> Adware.NewDotNet : Error during cleaning.
[896] C:\Program Files\NewDotNet\newdotnet6_38.dll -> Adware.NewDotNet : Error during cleaning.
C:\WINDOWS\System32n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\System32y3aqsoepa.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vp1i4.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\y3aqsoepa.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\zqskw.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pmnlm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\2236_27.dll -> Backdoor.Agent.adr : Cleaned with backup (quarantined).
C:\WINDOWS\ms03028918346.exe -> Backdoor.Small : Cleaned with backup (quarantined).
C:\WINDOWS\ms04289183460.exe -> Backdoor.Small : Cleaned with backup (quarantined).
[1104] VM_003B0000 -> Downloader.Agent.uj : Error during cleaning.
[1136] VM_003E0000 -> Downloader.Agent.uj : Error during cleaning.
[1164] VM_00AC0000 -> Downloader.Agent.uj : Error during cleaning.
[1180] VM_00180000 -> Downloader.Agent.uj : Error during cleaning.
[1496] VM_00EE0000 -> Downloader.Agent.uj : Error during cleaning.
[1832] VM_00B90000 -> Downloader.Agent.uj : Error during cleaning.
[1884] VM_009E0000 -> Downloader.Agent.uj : Error during cleaning.
[192] VM_009E0000 -> Downloader.Agent.uj : Error during cleaning.
[2384] VM_00C30000 -> Downloader.Agent.uj : Error during cleaning.
[2556] VM_00AC0000 -> Downloader.Agent.uj : Error during cleaning.
[2576] VM_00A90000 -> Downloader.Agent.uj : Error during cleaning.
[3704] VM_009E0000 -> Downloader.Agent.uj : Error during cleaning.
[3720] VM_00980000 -> Downloader.Agent.uj : Error during cleaning.
[3904] VM_00BF0000 -> Downloader.Agent.uj : Error during cleaning.
[768] VM_00A10000 -> Downloader.Agent.uj : Error during cleaning.
[792] VM_00A10000 -> Downloader.Agent.uj : Error during cleaning.
[796] VM_00D70000 -> Downloader.Agent.uj : Error during cleaning.
[820] VM_00E00000 -> Downloader.Agent.uj : Error during cleaning.
[944] VM_00B10000 -> Downloader.Agent.uj : Error during cleaning.
C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\WINDOWS\idlemg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxgame4.exe -> Downloader.Small.ctk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\testtestt.exe -> Downloader.Small.cyb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxgamet3.exe -> Downloader.Small.cyb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dlh9jkdq5.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\WINDOWS\ms030289183462006.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\WINDOWS\ms05891834602.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\WINDOWS\ms06918346028.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\WINDOWS\sys01460289183.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\WINDOWS\sys026028918342006.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\WINDOWS\win32071834602892006.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
[2116] C:\WINDOWS\ms05891834602.exe -> Downloader.VB.aga : Error during cleaning.
[3952] C:\WINDOWS\ms06918346028.exe -> Downloader.VB.aga : Error during cleaning.
[3980] C:\WINDOWS\sys01460289183.exe -> Downloader.VB.aga : Error during cleaning.
C:\WINDOWS\amm06.ocx -> Downloader.VB.bo : Cleaned with backup (quarantined).
C:\WINDOWS\sys02602891834.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\WINDOWS\rzaqsxz.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\WINDOWS\rzaqsxzA.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
[1784] C:\WINDOWS\rzaqsxzA.exe -> Hijacker.VB.ij : Error during cleaning.
[1796] C:\WINDOWS\rzaqsxz.exe -> Hijacker.VB.ij : Error during cleaning.
C:\WINDOWS\system32\bzgb.dll -> Proxy.Agent.df : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxgame1.exe -> Proxy.Xorpix.u : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Krizz\Cookies\krizz@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.72:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.30:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Krizz\Cookies\krizz@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned.
:mozilla.17:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.22:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.76:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Krizz\Cookies\krizz@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.149:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.150:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.152:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.153:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.154:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.155:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.135:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.109:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.110:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.111:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.91:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.92:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.80:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Krizz\Cookies\krizz@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.29:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.32:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Krizz\Cookies\krizz@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
:mozilla.40:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.41:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.42:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.43:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.45:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.47:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.48:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.51:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.52:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.53:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.55:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.60:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.61:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.24:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.25:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.26:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.27:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Krizz\Cookies\krizz@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Krizz\Cookies\krizz@media.top-banners[2].txt -> TrackingCookie.Top-banners : Cleaned.
:mozilla.20:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.21:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.159:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.10:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.7:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.8:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Krizz\Cookies\krizz@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.112:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.113:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.114:C:\Documents and Settings\Krizz\Application Data\Mozilla\Firefox\Profiles\1dd5hocg.Krizz\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\maxd641.exe -> Trojan.Dialer.pw : Cleaned with backup (quarantined).
C:\WINDOWS\CCZoop05.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
[1840] C:\WINDOWS\CCZoop05.exe -> Trojan.VB.tg : Error during cleaning.
::Report end
Edit: I also ran Panda ActiveScan. It's quite a large log, so let me know if you want me to post it; otherwise I won't.