Computer only works on safe mode, crashes in seconds during regular reboot

#1 ·
Safemode works fine, freezes in seconds after a normal reboot. The online scanners caught some bugs, but the problem is still there. Help would be appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 7:38:16 PM, on 7/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2603963ee82825b4f806/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152355438500
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - file://C:\Documents and Settings\Administrator\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.resnet.ucla.edu/vs/stcpo/setup.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9745EAC-E113-4B77-950F-8978C9FCDA73}: Domain = dsl-verizon.net
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
#3 ·
Hello puravida and welcome to TSF,

I understand you cannot log in to Normal Mode, and as such, this log taken from Safe Mode is not able to show me everything that's going on. Any information you can supply would be helpful. Did you save the Ewido results of any recent scans? If so, please post that here and any other information you think may be helpful.

We'll get started with what I do see.


Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist:

R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [farstone] NULL
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2603963ee82825b...p/RdxIE601.cab
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)


Click 'Fix Checked' and close HijackThis.

-----------------------------------

Next, please reboot your computer in Safe Mode with Networking by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode with Networking and press Enter.

-----------------------------------

See if you can get an online scan done. Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
    • Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
  • Click on see report. Then click Save report
**Note** You do not need to remain online once the scan begins, but you will need to reconnect to the internet to view and Save the report. I highly suggest you do go offline once the scan begins as it can take quite some time to complete and while you're in Safe Mode, you will not have any protection available.

In your next reply please include the following:

Panda results
New HijackThis log
Previous Ewido log (if you have it)
Any information you can give me in regard to prior symptoms, any infected files removed by other scanners.
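
Most of the entries picked out in the post above share a trait visible in the log line itself: they end in `(no file)` or `(file missing)`, have `NULL` as the Run command, or are O16 controls installed from `file://` or a bare IP address. As an added example (not part of the original post, and not the helper's own method), this Python triage parses HijackThis lines and flags those traits for an analyst to review; the function names are hypothetical and the sample is constructed from lines of the log in this thread.

```python
import ipaddress
import re
from collections import namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", "section reason entry")

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] cmd".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
DANGLING_RE = re.compile(r"\((no file|file missing)\)\s*$")
# An autostart value whose command is reported as NULL.
RUN_NULL_RE = re.compile(r"Run: \[[^\]]*\]\s+NULL\s*$")

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2603963ee82825b4f806/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
"""


def dpf_source_reason(body):
    """Classify the install source of an O16 (Downloaded Program Files) entry."""
    source = body.rsplit(" - ", 1)[-1].strip()
    if source.lower().startswith("file://"):
        return "ActiveX control installed from a local file"
    host = urlparse(source).hostname
    try:
        ipaddress.ip_address(host or "")
    except ValueError:
        return None  # ordinary hostname: needs a reputation check, not flagged here
    return "ActiveX control downloaded from a bare IP address"


def triage(log_text):
    """Return the entries that deserve a closer look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path or blank line
        section, body = match.groups()
        reason = None
        if DANGLING_RE.search(body):
            reason = "entry points at a file that is not on disk"
        elif section == "O4" and RUN_NULL_RE.search(body):
            reason = "autostart value has no command"
        elif section == "O16":
            reason = dpf_source_reason(body)
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.entry}")
```

It surfaces candidates only: it also flags the O9 `(file missing)` entry, which the post leaves alone, and it does not flag the `ak.imgfarm.com` control, which the post selects but which has none of these traits.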
 
#4 ·
******
This is a previous Ewido scan. This was done in safemode after the problem occurred. As you can see, it did clean some things up, but the problem still remains:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:23:28 PM 7/8/2006

+ Scan result:



HKLM\SOFTWARE\180solutions -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\msbb -> Adware.180Solutions : No action taken.
HKU\S-1-5-21-1659004503-1284227242-682003330-1003\Software\msbb -> Adware.180Solutions : No action taken.
C:\Program Files\Common Files\OfferApp\OfferApp.exe -> Adware.AdTraffic : No action taken.
C:\Program Files\OfferApp\OfferApp.exe -> Adware.AdTraffic : No action taken.
C:\WINDOWS\system32\OfferApp.exe -> Adware.AdTraffic : No action taken.
C:\Program Files\IncrediFind -> Adware.Incredifind : No action taken.
C:\Program Files\IncrediFind\BHO -> Adware.Incredifind : No action taken.
C:\Program Files\IncrediFind\BHO\date.txt -> Adware.Incredifind : No action taken.
C:\WINDOWS\system32\spool\PRINTERS\01276.SPL -> Backdoor.Agobot.lp : No action taken.
C:\Documents and Settings\PuraVida\Local Settings\Temporary Internet Files\Content.IE5\ODSZWZGR\L[1].exe -> Downloader.Small.cvw : No action taken.
C:\WINDOWS\Temp\win10F5.tmp.exe -> Downloader.Small.cvw : No action taken.
:mozilla.121:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.141:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.143:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.30:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.31:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.36:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.37:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\PuraVida\Cookies\puravida@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\PuraVida\Cookies\puravida@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\PuraVida\Cookies\puravida@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\PuraVida\Cookies\puravida@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.80:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\PuraVida\Cookies\puravida@adrevolver[3].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.28:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.29:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.46:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.47:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
:mozilla.10:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.9:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.135:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.136:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.137:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.166:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.167:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.168:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.169:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.170:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.171:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.172:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.173:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.174:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.615:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.616:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.617:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.76:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.77:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.78:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\PuraVida\Cookies\puravida@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.14:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.20:C:\Documents and Settings\PuraVida\Application Data\Thunderbird\Profiles\default.mdd\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.45:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.87:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\PuraVida\Cookies\puravida@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\RECYCLER\NPROTECT\00023064.TXT -> TrackingCookie.Atdmt : No action taken.
:mozilla.630:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Belstat : No action taken.
:mozilla.631:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Belstat : No action taken.
:mozilla.41:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.227:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\PuraVida\Cookies\puravida@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\PuraVida\Cookies\puravida@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\PuraVida\Cookies\puravida@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.10:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.11:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.12:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.70:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.9:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.72:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Centrport : No action taken.
:mozilla.73:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Centrport : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@centrport[2].txt -> TrackingCookie.Centrport : No action taken.
:mozilla.101:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.138:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.139:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.149:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.150:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.28:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.29:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.177:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.178:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.493:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : No action taken.
:mozilla.108:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.113:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Cqcounter : No action taken.
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.23:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.71:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.75:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\PuraVida\Cookies\puravida@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.12:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@as1.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\PuraVida\Cookies\puravida@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.11:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.24:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.24:C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\tsrtyrmn.Default User\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.25:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\default.nae\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\WINDOWS\system32\winhdn32.dll -> Trojan.Agent.vg : No action taken.
C:\WINDOWS\systb.exe -> Trojan.Imiserv.c : No action taken.


::Report end

******

I also ran an online scan from Symantec and it found this:

C:\updaterInstall_112.exe is infected with Adware.Keenval
C:\WINDOWS\preInsTT.exe is infected with Adware.BetterInternet
C:\WINDOWS\systb.exe is infected with Adware.IEPlugin
C:\WINDOWS\system32\ATPartners.dll is infected with Adware.FavoriteMan
C:\WINDOWS\system32\setup_incred_9.exe is infected with Adware.Keenval
C:\WINDOWS\system32\silc_dll.dll is infected with Spyware.Marketscore
C:\WINDOWS\system32\VT334ad.exe is infected with Adware.FavoriteMan
C:\WINDOWS\system32\winhdn32.dll is infected with Trojan.Nebuler
C:\WINDOWS\system32\spool\PRINTERS\01053.SPL is infected with W32.HLLW.Gaobot.gen
C:\WINDOWS\system32\spool\PRINTERS\01276.SPL is infected with W32.HLLW.Gaobot.gen


******

This is the Panda scan done in safe mode:



Incident Status Location

Spyware:spyware/whazit Not disinfected c:\windows\system32\kyf.dat
Adware:adware/clickalchemy Not disinfected c:\windows\inf\alchem.inf
Adware:adware/twain-tech Not disinfected c:\windows\inf\twaintec.inf
Adware:adware/ncase Not disinfected c:\windows\system32\FLEOK
Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Adware:adware/navhelper Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@kount[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Guest\Cookies\guest@adrevolver[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Guest\Cookies\guest@adultfriendfinder[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Guest\Cookies\guest@go[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Guest\Cookies\guest@maxserving[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Guest\Cookies\guest@rightmedia[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt[.statcounter.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt[.kinghost.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt[.bravenet.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\PuraVida\Application Data\Mozilla\Firefox\Profiles\default.9qi\cookies.txt[.ct.360i.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\PuraVida\Application Data\Mozilla\Profiles\default\6c256muq.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\PuraVida\Cookies\puravida@adrevolver[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\PuraVida\Cookies\puravida@apmebf[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\PuraVida\Cookies\puravida@atwola[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\PuraVida\Cookies\puravida@maxserving[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\PuraVida\Cookies\puravida@realmedia[1].txt

******

I ran a HJT and fixed the items you mentioned. I tried doing it with a normal reboot, but the computer would just crash.
I ended up having to do it in safe mode to fix the items. Here is a fresh log:

Logfile of HijackThis v1.99.1
Scan saved at 3:59:25 AM, on 7/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152355438500
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - file://C:\Documents and Settings\Administrator\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.resnet.ucla.edu/vs/stcpo/setup.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9745EAC-E113-4B77-950F-8978C9FCDA73}: Domain = dsl-verizon.net
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

******
All this started happening after I tried installing Norton Antivirus 2006 when I thought I caught a virus. Unfortunately, the virus (I think) I picked up won't even let me finish the installation.
Whether my problems are due to some virus or an uncompleted antivirus installation is as good a guess as mine. What else can I do to help?
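
Added example, not part of the original post or of HijackThis itself: a small Python triage script that compares two HijackThis logs to confirm which entries a fix actually removed, and lists entries in the newer log that still point at a missing file or at a service with no vendor shown. The sample input is a handful of lines copied from the two logs in this thread; the function names are hypothetical.

```python
import re

# Constructed input: a few lines copied from the two HijackThis logs posted in
# this thread (7/8/2006 and 7/10/2006). These are excerpts, not the full logs.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFN][0-4]|O\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the registry entry's target is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Return one dict per entry line: code, body, clsid (or None), orphan flag."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "orphan": any(marker in body for marker in ORPHAN_MARKERS),
        })
    return entries


def removed_entries(before, after):
    """Entries present in the older log and absent from the newer one."""
    still_there = {(e["code"], e["body"]) for e in parse_hjt(after)}
    return [e for e in parse_hjt(before)
            if (e["code"], e["body"]) not in still_there]


def orphans(text):
    """Entries whose target file is reported missing: leftovers worth reviewing."""
    return [e for e in parse_hjt(text) if e["orphan"]]


def unknown_owner_services(text):
    """O23 services where the log shows 'Unknown owner' in the vendor position.
    This is a prompt to verify the binary, not a verdict on it."""
    return [e for e in parse_hjt(text)
            if e["code"] == "O23" and " - Unknown owner - " in e["body"]]


if __name__ == "__main__":
    print("Removed since the first log:")
    for e in removed_entries(LOG_BEFORE, LOG_AFTER):
        print("  ", e["code"], e["clsid"], "(orphan)" if e["orphan"] else "")
    print("Still pointing at a missing file:")
    for e in orphans(LOG_AFTER):
        print("  ", e["code"], "-", e["body"])
    print("Services to verify:")
    for e in unknown_owner_services(LOG_AFTER):
        print("  ", e["body"])
```
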
 
#5 ·
Hello puravida,

It is the infections present on this system that are interfering with your installation of NAV and Normal Mode login. Unfortunately, the removal tools I need to run for the infections that I believe are present here need to be run in Normal Mode.

We'll have to go after what we can manually and hopefully pull out enough to allow you back into Normal Mode. Let's see what this tool reveals for me:

Download WinPFind and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Do Not run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.

Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more. Once the scan is complete it will make a .txt file (log) of what was found. Save that log and post it here.
 
#6 ·
I tried booting up normally, and I can actually use my computer for a few minutes before it completely freezes up. Maybe you can try those programs that need to be run in normal mode? If it runs quick enough, I might be able to get the log before the computer conks out?

Anyways, here's the log you asked for:

******

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 4/22/2004 8:54:44 AM 158208 C:\WINDOWS\CoreAAC.ax
UPX! 8/22/2004 5:04:56 PM 69120 C:\WINDOWS\daemon.dll
UPX! 10/13/2005 9:27:00 PM RHS 422400 C:\WINDOWS\x2.64.exe

Checking %System% folder...
UPX! 10/7/2005 7:14:52 PM RHS 308224 C:\WINDOWS\SYSTEM32\avisynth.dll
UPX! 7/9/2004 12:47:04 AM RHS 167936 C:\WINDOWS\SYSTEM32\CoreAAC.ax
PEC2 8/29/2002 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 8/9/2005 3:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 8/9/2005 3:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
UPX! 6/30/2004 2:20:00 PM 160768 C:\WINDOWS\SYSTEM32\fmod.dll
UPX! 1/25/2004 RHS 70656 C:\WINDOWS\SYSTEM32\i420vfw.dll
UPX! 7/19/2002 9:06:02 AM 27648 C:\WINDOWS\SYSTEM32\ilu.dll
UPX! 7/19/2002 9:06:42 AM 16384 C:\WINDOWS\SYSTEM32\ilut.dll
PTech 5/27/2004 7:08:50 PM H 2763998 C:\WINDOWS\SYSTEM32\kyf.dat
PTech 5/23/2006 5:26:00 PM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 6/8/2006 6:19:50 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 6/8/2006 6:19:50 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 7/26/2004 9:03:54 PM 6390614 C:\WINDOWS\SYSTEM32\pav.sig
aspack 7/26/2004 9:03:54 PM 6390614 C:\WINDOWS\SYSTEM32\pav.sig
SAHAgent 7/26/2004 9:03:54 PM 6390614 C:\WINDOWS\SYSTEM32\pav.sig
Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 5/23/2006 5:25:52 PM 285488 C:\WINDOWS\SYSTEM32\WgaTray.exe
UPX! 2/28/2005 1:16:22 PM RHS 240128 C:\WINDOWS\SYSTEM32\x.264.exe
UPX! 1/25/2004 RHS 70656 C:\WINDOWS\SYSTEM32\yv12vfw.dll

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
7/10/2006 9:25:26 PM S 2048 C:\WINDOWS\bootstat.dat
7/2/2006 11:59:16 PM H 54156 C:\WINDOWS\QTFont.qfn
7/10/2006 9:25:28 PM S 64 C:\WINDOWS\CSC\00000001
7/8/2006 3:20:52 AM S 64 C:\WINDOWS\CSC\00000002
6/29/2006 1:40:18 AM S 64 C:\WINDOWS\CSC\csc1.tmp
5/29/2006 9:16:00 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
5/18/2006 12:15:12 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
6/1/2006 1:28:56 PM S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
5/23/2006 5:27:00 PM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
7/10/2006 9:25:22 PM H 8192 C:\WINDOWS\system32\config\default.LOG
7/10/2006 9:25:38 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
7/10/2006 9:25:26 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
7/10/2006 9:26:20 PM H 176128 C:\WINDOWS\system32\config\software.LOG
7/10/2006 9:25:36 PM H 1077248 C:\WINDOWS\system32\config\system.LOG
6/19/2006 9:55:20 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
6/19/2006 9:58:12 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\f612381a-8ea8-4e46-b422-41ccc0abe9a0
6/3/2006 2:34:20 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\fa0a9e79-8bda-417f-a655-1ce5af4f1398
6/19/2006 9:58:12 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
5/24/2006 7:03:36 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\0f7fa339-0bbd-4309-84e5-299fa962108d
6/19/2006 9:56:28 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\c1e8459a-cfde-4772-846a-698c7b5738d2
5/2/2016 11:34:44 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ebdb1c8b-3773-4a66-b412-0207e61e9e42
6/19/2006 9:56:28 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
7/10/2006 4:37:42 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 10/6/2003 3:16:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 5/24/2004 6:40:56 PM 45175 C:\WINDOWS\SYSTEM32\plugincpl131_12.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
NVIDIA Corporation 4/2/2003 4:40:00 PM R 139264 C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\nvtuicpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
2/10/2006 4:34:50 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
10/20/2003 9:21:10 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
7/10/2006 4:37:52 AM 2291 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
6/26/2006 3:00:00 PM 1672 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterCheck Monitor.LNK
10/20/2003 11:42:34 AM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
11/29/2004 6:40:24 AM 815 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
8/5/2004 4:42:14 PM 822 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remote Update Monitor.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/20/2003 2:11:10 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
12/21/2004 11:59:54 PM 243 C:\Documents and Settings\All Users\Application Data\G-Force Prefs (Winamp).txt
9/15/2004 7:38:48 PM 199 C:\Documents and Settings\All Users\Application Data\G-Force Prefs (Windows Media Player).txt
5/17/2006 10:35:12 PM 2993 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
10/20/2003 9:21:10 AM HS 84 C:\Documents and Settings\PuraVida\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
9/24/2005 8:49:34 PM 875 C:\Documents and Settings\PuraVida\Application Data\AdobeDLM.log
10/20/2003 2:11:10 AM HS 62 C:\Documents and Settings\PuraVida\Application Data\desktop.ini
9/24/2005 8:49:34 PM 0 C:\Documents and Settings\PuraVida\Application Data\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\MatroskaContextMenu
{789111D8-68A3-46a3-9663-145A3FF4C9C9} = C:\Program Files\MatroskaProp\MatroskaProp.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{781395AF-A127-469f-A06F-59B482AF4F3F}
= C:\Program Files\MatroskaProp\MatroskaProp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security 2006 : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRA~1\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
SoundMAXPnP C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SoundMAX "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
IMONTRAY C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
zBrowser Launcher C:\Program Files\Logitech\iTouch\iTouch.exe
Logitech Utility Logi_MwX.Exe
SonicFocus "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
RestoreIT! "C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" VBStart
NeroCheck C:\WINDOWS\system32\NeroCheck.exe
InCD C:\Program Files\Ahead\InCD\InCD.exe
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
CloneCDTray "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
DAEMON Tools-1033 "C:\Program Files\D-Tools\daemon.exe" -lang 1033
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
WinampAgent C:\Program Files\Winamp\winampa.exe
BJCFD C:\Program Files\BroadJump\Client Foundation\CFD.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
IS CfgWiz C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
SSC_UserPrompt "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
!ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AIM "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
NCLaunch C:\WINDOWS\NCLAUNCH.EXe
Skype "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0
SpecifyDefaultButtons 0
Btn_Search 0
NoBandCustomize 0
NoToolbarCustomize 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 7/10/2006 9:35:05 PM
 
#7 ·
Hello puravida,

I'm afraid I don't have very good news for you. Your system has been infected with Parite.b and it usually does too much damage to the system to properly recover. The Parite virus is a memory-resident polymorphic file infector that infects EXE and SCR files found on local and shared network drives.

Can you access your System Restore feature?

From Safe Mode if you need to:

  • Click Start>All Programs>Accessories>System Tools
  • Select System Restore
  • Choose 'Restore my computer to an earlier date'
  • Click 'Next'
  • Choose a bolded date that seems to be before your problems began
  • Follow the on-screen prompts.

Please let me know how that went. If you were successful, I'd like to see a HijackThis log and results of an online scan at Panda.
 
#8 ·
=( I already tried that route. Maybe the virus did it, but for some reason my last state saved was right after infection. There are no previous states saved before that...

Is my comp... screwed? I mean the data in it at least is safe, right? I can pretty much access anything I want on my computer as long as it's in safe mode, only problem is that there's no sound, codecs, resolution, etc.

So is this virus unfixable? If it is, how can I save my data without transferring infection? In other words, what exactly are my options?
 
#9 ·
Hi puravida,

Your documents should be safe as this virus overwrites .exe and .scr files. Do not back up or transfer any files with those extensions.

Once you've backed up what you need (favorites, documents, etc.), a reformat--not just a reinstall--is your safest option.
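
The backup rule from the reply above (leave .exe and .scr files behind), as an added example that is not part of the original thread. It goes one step beyond the extension filter by also skipping any file that starts with the `MZ` executable header, on the assumption that a renamed executable should be left behind too; the function names and sample files are constructed for illustration.

```python
import os
import shutil
import tempfile

BLOCKED_EXTENSIONS = {".exe", ".scr"}  # the two types the thread says not to transfer

def is_executable_image(path):
    """True if the file has a blocked extension or starts with the DOS/PE 'MZ' magic."""
    if os.path.splitext(path)[1].lower() in BLOCKED_EXTENSIONS:
        return True
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return True  # unreadable: leave it behind rather than copy blindly

def backup_data(src_root, dst_root):
    """Copy everything under src_root to dst_root except executable images.
    Returns (copied, skipped) as sorted lists of paths relative to src_root."""
    copied, skipped = [], []
    for folder, _dirs, files in os.walk(src_root):
        for name in files:
            src = os.path.join(folder, name)
            rel = os.path.relpath(src, src_root)
            if is_executable_image(src):
                skipped.append(rel)
                continue
            dst = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)
            copied.append(rel)
    return sorted(copied), sorted(skipped)

def demo():
    """Build a constructed sample tree and back it up; returns (copied, skipped)."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    samples = {  # constructed sample files, not taken from the thread
        "Documents/notes.txt": b"plain text",
        "Favorites/site.url": b"[InternetShortcut]\r\nURL=http://example.com/\r\n",
        "Downloads/setup.EXE": b"MZ\x90\x00",
        "Downloads/saver.scr": b"MZ\x90\x00",
        "Documents/photo.jpg": b"MZ\x90\x00",  # executable renamed to look like a picture
    }
    for rel, data in samples.items():
        path = os.path.join(src, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return backup_data(src, dst)
```

The skipped list doubles as a record of what was left on the infected disk, so nothing is silently lost before the reformat.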
 