Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before begining. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download Ewido Anti-Malware

• Install Ewido Anti-Malware
• Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update.

If you are having problems with the updater, you can use this link to manually update Ewido

• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT Ewido anti-spyware. Do Not run a scan just yet.

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


* * * * * *


TeaTimer is an excellent tool for the prevention of spyware but it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose Yes at the Warning prompt.
• Expand the Tools menu.
• Click Resident.
• Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
• In the File menu click Exit to exit Spybot Search & Destroy.

Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.


* * * * * *


Go to Start → Control Panel → Add or Remove Programs and uninstall the following programs:

• Oin
  Yazzle by Oin
  Purityscan by Oin
  Snowballwars by Oin
  Cowabanga by OIN
  or anything similar with Oin in it

In case Purityscan or OINS is not listed, download and use this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Please note any other programs that you dont recognize in your next response


* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R3 - URLSearchHook: (no name) - {7984BA81-763F-21B4-17FE-222755FAE9B8} - D:\WINDOWS\system32\vvhcpld.dll (file missing)
O4 - HKCU\..\Run: [Brir] "D:\PROGRA~1\COMMON~1\FNTS~1\smss.exe" -vt yazr
O4 - HKCU\..\Run: [Helc] D:\PROGRA~1\COMMON~1\RACLE~1\DDPLAY~1.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: D:\WINDOWS\system32\scanregw.dll


* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.


* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.

• Tick - 'Show hidden files and folder'
• Untick - 'Hide file extensions for known types'
• Untick - 'Hide protected operating system files'
• Click Yes to confirm & then click OK

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

• D:\WINDOWS\system32\vvhcpld.dll
  D:\Program Files\COMMON FILES\FONTS
  D:\Program Files\COMMON FILES\0RACLE
  D:\WINDOWS\system32\scanregw.dll

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:

• Delete Newsgroup cache
• Delete Newsgroup Subscriptions
• Delete Cookies

4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!


* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *


Run Ewido with it's updated definitions...it's important that all windows must be closed)

• Click Scanner & select the Scan tab
• Click Complete System Scan to begin scanning.
• If you have any infections you will prompted, then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop.

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *


Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
      [*]Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * *


1. Download this file -

http://download.bleepingcomputer.com/sUBs/combofix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:

• HiJackThis log [*]ComboFix
  [*] Online Scan
  [*] Ewido

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

 

Had a few problems through the list you gave me:

1) When deleting the files and folders I couldn't find:
D:\Windows\system32\vvhcpld.dll
D:\WINDOWSsystem32\scanregw.dll

- I did find the other two and elete them. I remembered to show hidden files and operating systems files as well.


2) I couldn't get combofix to run, while trying to execute the .exe it gives me an error saying "You need to have administrative priviledges to run this tool". However my account is set to the admin account and is the only account on the LogIn screen.

---- I haven't been on hte computer long enough yet to see if the popups continue. I'm going to use it for an hour now and see if I can get any to come up while doing various everyday activities. I'll update once I find out if I get any.

Here are my other three logs:

HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 12:19:20 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\nvraidservice.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Messenger\msmsgs.exe
D:\HJT\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NVRaidService] D:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] D:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Ewido
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:50:44 AM 8/9/2006

+ Scan result:



HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
:mozilla.501:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.170:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.171:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.175:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.176:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.177:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.178:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.179:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.277:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.302:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.356:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.441:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.500:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
D:\Documents and Settings\oh snap\Cookies\oh snap@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
D:\Documents and Settings\oh snap\Cookies\oh snap@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
D:\Documents and Settings\oh snap\Cookies\oh snap@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.192:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.193:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.299:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.300:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.301:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.100:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.527:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.95:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.96:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.97:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.98:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.99:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.44:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.47:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.48:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.66:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.67:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.10:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.292:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.264:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.125:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
D:\Documents and Settings\oh snap\Cookies\oh snap@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.34:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.35:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.36:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.37:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.38:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.39:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.40:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.318:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.447:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.478:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
D:\Documents and Settings\oh snap\Cookies\oh snap@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.76:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.153:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.154:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.155:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.156:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.157:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.158:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.190:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.294:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.295:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.296:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.297:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.298:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.359:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.360:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.361:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.392:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.393:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.406:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.407:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.408:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.409:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.212:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.213:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.214:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.215:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.216:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.217:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.77:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.78:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.79:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.80:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.81:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.83:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.84:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.169:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.257:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.258:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.259:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.260:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.419:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.420:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.469:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
:mozilla.161:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.162:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.163:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.164:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.357:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.358:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.226:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.227:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.185:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.186:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.291:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.293:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.82:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.85:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.86:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.417:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
:mozilla.503:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.504:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.505:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.506:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.509:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.235:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.149:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.150:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.151:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.152:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.450:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.451:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.452:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.453:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.368:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.369:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.370:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.371:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.126:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.131:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.134:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.195:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.196:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.197:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.198:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.199:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.325:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
D:\Documents and Settings\oh snap\Cookies\oh snap@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.491:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.492:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.68:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.69:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.70:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.71:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.72:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.73:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.74:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.75:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.15:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.16:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.17:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.18:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.19:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.20:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
D:\Documents and Settings\oh snap\Cookies\oh snap@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.106:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.107:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.108:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.109:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.110:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.111:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
D:\Documents and Settings\oh snap\Cookies\oh snap@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.533:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.534:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.535:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end




Kerposky
Wednesday, August 09, 2006 12:17:37 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/08/2006
Kaspersky Anti-Virus database records: 213671
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 20255
Number of viruses found 9
Number of infected objects 24 / 0
Number of suspicious objects 0
Duration of the scan process 00:12:58

Infected Object Name Virus Name Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9948B5B4-3E18-4FE6-AEB6-94CF881296E7}\RP351\A0065348.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\System Volume Information\_restore{9948B5B4-3E18-4FE6-AEB6-94CF881296E7}\RP351\A0065418.exe Infected: not-a-virus:NetTool.Win32.Scan.12 skipped
D:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-08-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\history.dat Object is locked skipped
D:\Documents and Settings\oh snap\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\parent.lock Object is locked skipped
D:\Documents and Settings\oh snap\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\oh snap\Desktop\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
D:\Documents and Settings\oh snap\Desktop\OiUninstaller.exe NSIS: infected - 1 skipped
D:\Documents and Settings\oh snap\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\oh snap\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\oh snap\Local Settings\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\Cache\_CACHE_001_ Object is locked skipped
D:\Documents and Settings\oh snap\Local Settings\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\Cache\_CACHE_002_ Object is locked skipped
D:\Documents and Settings\oh snap\Local Settings\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\Cache\_CACHE_003_ Object is locked skipped
D:\Documents and Settings\oh snap\Local Settings\Application Data\Mozilla\Firefox\Profiles\x3s8ixjk.default\Cache\_CACHE_MAP_ Object is locked skipped
D:\Documents and Settings\oh snap\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\oh snap\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\oh snap\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\oh snap\ntuser.dat.LOG Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
D:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
D:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
D:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
D:\Program Files\Norton AntiVirus\Quarantine\06C87B80.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
D:\Program Files\Norton AntiVirus\Quarantine\06C87B80.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
D:\Program Files\Norton AntiVirus\Quarantine\06C87B80.exe NSIS: infected - 2 skipped
D:\Program Files\Norton AntiVirus\Quarantine\06C87B80.exe CryptFF: infected - 2 skipped
D:\Program Files\Norton AntiVirus\Quarantine\208D43B4.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
D:\Program Files\Norton AntiVirus\Quarantine\208D43B4.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
D:\Program Files\Norton AntiVirus\Quarantine\208D43B4.exe NSIS: infected - 2 skipped
D:\Program Files\Norton AntiVirus\Quarantine\208D43B4.exe CryptFF: infected - 2 skipped
D:\Program Files\Norton AntiVirus\Quarantine\22F13C73.000 Infected: Trojan-Downloader.Win32.PurityScan.cu skipped
D:\Program Files\Norton AntiVirus\Quarantine\22F4666F.exe Infected: Trojan-Downloader.Win32.PurityScan.cu skipped
D:\Program Files\Norton AntiVirus\Quarantine\252E7492.exe Infected: Trojan-Downloader.Win32.Zlob.abc skipped
D:\Program Files\Norton AntiVirus\Quarantine\27F0618A.exe Infected: Trojan-Dropper.Win32.VB.nn skipped
D:\Program Files\Norton AntiVirus\Quarantine\27F30B86.exe/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
D:\Program Files\Norton AntiVirus\Quarantine\27F30B86.exe NSIS: infected - 1 skipped
D:\Program Files\Norton AntiVirus\Quarantine\27F30B86.exe CryptFF: infected - 1 skipped
D:\Program Files\Norton AntiVirus\Quarantine\28475A92.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
D:\Program Files\Norton AntiVirus\Quarantine\41001D81.exe/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
D:\Program Files\Norton AntiVirus\Quarantine\41001D81.exe NSIS: infected - 1 skipped
D:\Program Files\Norton AntiVirus\Quarantine\41001D81.exe CryptFF: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\default Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\software Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\system Object is locked skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\WINDOWS\system32\geebc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\WINDOWS\{00000002-00000000-00000008-00001102-00000004-10071102}.CDF Object is locked skipped
Scan process completed.



If needed to uploaded as attachments just reply sayiing to do so

 

Spotted something from your logs. Please relocate combofix to your Desktop

Then go to Start > Run - paste in the following command & click OK

"%userprofile%\desktop\combofix.exe" /admin /v geebc​

When finished, it shall produce a log for you. Post that log in your next reply

 

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\system32\geebc.dll
D:\WINDOWS\system32\cbeeg.bak1
D:\WINDOWS\system32\cbeeg.bak2
D:\WINDOWS\system32\cbeeg.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\Program Files\Common Files\{0CDAD3CC-08A2-1033-0611-040719040001}


((((((((((((((((((((((((((((((( Files Created from 2006-07-09 to 2006-08-09 ))))))))))))))))))))))))))))))))))


2006-07-27 19:58 40,973 D:\WINDOWS\system32\xxyxyxy.dll
2006-07-27 19:55 17,920 D:\WINDOWS\system32\mdimon.dll
2006-07-27 19:13 30,505 D:\WINDOWS\SSSETUP.EXE
2006-07-21 20:51 11,776 D:\WINDOWS\INRES.DLL
2006-07-21 20:51 10,240 D:\WINDOWS\CTDCRES.DLL
2006-07-21 20:17 22,752 D:\WINDOWS\system32\spupdsvc.exe
2006-07-21 20:13 520,192 D:\WINDOWS\system32\ati2sgag.exe
2006-07-21 19:33 7,360,512 D:\WINDOWS\system32\RTLCPL.EXE
2006-07-21 19:33 67,072 D:\WINDOWS\SOUNDMAN.EXE
2006-07-21 19:33 65,536 D:\WINDOWS\system32\Audio3D.dll
2006-07-21 19:33 4,096 D:\WINDOWS\system32\ksuser.dll
2006-07-21 19:33 155,648 D:\WINDOWS\system32\RTLCPAPI.dll
2006-07-21 19:32 306,688 D:\WINDOWS\IsUninst.exe
2006-07-21 19:32 208,896 D:\WINDOWS\alcupd.exe
2006-07-21 19:32 139,264 D:\WINDOWS\alcrmv.exe
2006-07-21 19:29 83,456 D:\WINDOWS\system32\nvraidservice.exe
2006-07-21 19:29 8,192 D:\WINDOWS\system32\bdco1.dll
2006-07-21 19:29 7,168 D:\WINDOWS\system32\NvRaidEnu.dll
2006-07-21 19:29 6,144 D:\WINDOWS\system32\NvRaidSvEnu.dll
2006-07-21 19:29 37,888 D:\WINDOWS\system32\NvRaidWizardEnu.dll
2006-07-21 19:29 31,744 D:\WINDOWS\system32\nvconrm.dll
2006-07-21 19:29 302,080 D:\WINDOWS\system32\NvRaidWizard.dll
2006-07-21 19:29 291,328 D:\WINDOWS\system32\idecoi.dll
2006-07-21 19:29 29,696 D:\WINDOWS\system32\NVCOG.DLL
2006-07-21 19:29 239,104 D:\WINDOWS\system32\NvRaidMan.exe
2006-07-21 19:29 198,656 D:\WINDOWS\system32\fdco1.dll
2006-07-21 19:29 18,432 D:\WINDOWS\system32\nvraidco.dll
2006-07-21 19:29 172,032 D:\WINDOWS\system32\nvusmb.exe
2006-07-21 19:29 172,032 D:\WINDOWS\system32\NVUNINST.EXE
2006-07-21 19:29 172,032 D:\WINDOWS\system32\nvugart.exe
2006-07-21 19:29 159,744 D:\WINDOWS\system32\nvunrm.exe
2006-07-21 19:29 159,744 D:\WINDOWS\system32\nvuide.exe
2006-07-21 19:22 91,904 D:\WINDOWS\system32\S32EVNT1.DLL
2006-07-21 19:22 466,944 D:\WINDOWS\system32\capicom.dll
2006-07-21 19:16 112,128 D:\WINDOWS\system32\mapi32.dll
2006-07-21 19:15 12,288 D:\WINDOWS\system32\nmevtmsg.dll
2006-07-21 19:15 11,264 D:\WINDOWS\system32\atrace.dll
2006-07-21 19:14 81,920 D:\WINDOWS\system32\isign32.dll
2006-07-21 19:14 81,920 D:\WINDOWS\system32\ils.dll
2006-07-21 19:14 8,192 D:\WINDOWS\system32\bitsprx2.dll
2006-07-21 19:14 73,728 D:\WINDOWS\system32\icwdial.dll
2006-07-21 19:14 7,168 D:\WINDOWS\system32\bitsprx3.dll
2006-07-21 19:14 69,632 D:\WINDOWS\system32\msconf.dll
2006-07-21 19:14 679,424 D:\WINDOWS\system32\inetcomm.dll
2006-07-21 19:14 67,584 D:\WINDOWS\system32\srclient.dll
2006-07-21 19:14 65,536 D:\WINDOWS\system32\icwphbk.dll
2006-07-21 19:14 64,512 D:\WINDOWS\system32\acctres.dll
2006-07-21 19:14 6,656 D:\WINDOWS\system32\wuauserv.dll
2006-07-21 19:14 48,128 D:\WINDOWS\system32\inetres.dll
2006-07-21 19:14 465,176 D:\WINDOWS\system32\wuapi.dll
2006-07-21 19:14 45,568 D:\WINDOWS\system32\safrslv.dll
2006-07-21 19:14 43,520 D:\WINDOWS\system32\safrcdlg.dll
2006-07-21 19:14 43,520 D:\WINDOWS\system32\racpldlg.dll
2006-07-21 19:14 41,240 D:\WINDOWS\system32\wups.dll
2006-07-21 19:14 382,464 D:\WINDOWS\system32\qmgr.dll
2006-07-21 19:14 34,560 D:\WINDOWS\system32\mnmdd.dll
2006-07-21 19:14 32,768 D:\WINDOWS\system32\mnmsrvc.exe
2006-07-21 19:14 32,768 D:\WINDOWS\system32\isrdbg32.dll
2006-07-21 19:14 29,696 D:\WINDOWS\system32\safrdm.dll
2006-07-21 19:14 28,672 D:\WINDOWS\system32\nmmkcert.dll
2006-07-21 19:14 274,944 D:\WINDOWS\system32\mstask.dll
2006-07-21 19:14 274,432 D:\WINDOWS\system32\inetcfg.dll
2006-07-21 19:14 252,928 D:\WINDOWS\system32\msoeacct.dll
2006-07-21 19:14 239,104 D:\WINDOWS\system32\srrstr.dll
2006-07-21 19:14 22,528 D:\WINDOWS\system32\fltMc.exe
2006-07-21 19:14 194,328 D:\WINDOWS\system32\wuaueng1.dll
2006-07-21 19:14 190,976 D:\WINDOWS\system32\schedsvc.dll
2006-07-21 19:14 18,944 D:\WINDOWS\system32\qmgrprxy.dll
2006-07-21 19:14 173,536 D:\WINDOWS\system32\wuweb.dll
2006-07-21 19:14 172,312 D:\WINDOWS\system32\wuauclt1.exe
2006-07-21 19:14 170,496 D:\WINDOWS\system32\srsvc.dll
2006-07-21 19:14 16,896 D:\WINDOWS\system32\fltlib.dll
2006-07-21 19:14 16,384 D:\WINDOWS\system32\icfgnt5.dll
2006-07-21 19:14 127,256 D:\WINDOWS\system32\wucltui.dll
2006-07-21 19:14 124,184 D:\WINDOWS\system32\wuauclt.exe
2006-07-21 19:14 12,288 D:\WINDOWS\system32\mstinit.exe
2006-07-21 19:14 105,984 D:\WINDOWS\system32\msoert2.dll
2006-07-21 19:14 1,343,768 D:\WINDOWS\system32\wuaueng.dll
2006-07-21 19:13 97,792 D:\WINDOWS\system32\comrepl.dll
2006-07-21 19:13 956,416 D:\WINDOWS\system32\msdtctm.dll
2006-07-21 19:13 93,696 D:\WINDOWS\system32\tscfgwmi.dll
2006-07-21 19:13 91,136 D:\WINDOWS\system32\mtxoci.dll
2006-07-21 19:13 9,728 D:\WINDOWS\system32\reset.exe
2006-07-21 19:13 87,176 D:\WINDOWS\system32\rdpwsx.dll
2006-07-21 19:13 85,504 D:\WINDOWS\system32\catsrvps.dll
2006-07-21 19:13 80,384 D:\WINDOWS\system32\charmap.exe
2006-07-21 19:13 73,216 D:\WINDOWS\system32\avwav.dll
2006-07-21 19:13 67,072 D:\WINDOWS\system32\rdshost.exe
2006-07-21 19:13 655,360 D:\WINDOWS\system32\mstscax.dll
2006-07-21 19:13 625,152 D:\WINDOWS\system32\catsrvut.dll
2006-07-21 19:13 62,464 D:\WINDOWS\system32\rdpclip.exe
2006-07-21 19:13 605,696 D:\WINDOWS\system32\getuname.dll
2006-07-21 19:13 60,416 D:\WINDOWS\system32\remotepg.dll
2006-07-21 19:13 60,416 D:\WINDOWS\system32\colbact.dll
2006-07-21 19:13 6,144 D:\WINDOWS\system32\msdtc.exe
2006-07-21 19:13 58,880 D:\WINDOWS\system32\msdtclog.dll
2006-07-21 19:13 58,880 D:\WINDOWS\system32\licwmi.dll
2006-07-21 19:13 56,832 D:\WINDOWS\system32\sol.exe
2006-07-21 19:13 56,320 D:\WINDOWS\system32\servdeps.dll
2006-07-21 19:13 55,296 D:\WINDOWS\system32\freecell.exe
2006-07-21 19:13 540,160 D:\WINDOWS\system32\comuid.dll
2006-07-21 19:13 54,272 D:\WINDOWS\system32\stclient.dll
2006-07-21 19:13 538,624 D:\WINDOWS\system32\spider.exe
2006-07-21 19:13 5,632 D:\WINDOWS\system32\write.exe
2006-07-21 19:13 5,120 D:\WINDOWS\system32\dcomcnfg.exe
2006-07-21 19:13 498,688 D:\WINDOWS\system32\clbcatq.dll
2006-07-21 19:13 44,544 D:\WINDOWS\system32\tscupgrd.exe
2006-07-21 19:13 44,544 D:\WINDOWS\system32\hticons.dll
2006-07-21 19:13 426,496 D:\WINDOWS\system32\msdtcprx.dll
2006-07-21 19:13 407,552 D:\WINDOWS\system32\mstsc.exe
2006-07-21 19:13 4,096 D:\WINDOWS\system32\rdpcfgex.dll
2006-07-21 19:13 4,096 D:\WINDOWS\system32\mtxex.dll
2006-07-21 19:13 38,912 D:\WINDOWS\system32\cfgbkend.dll
2006-07-21 19:13 35,328 D:\WINDOWS\system32\winchat.exe
2006-07-21 19:13 347,136 D:\WINDOWS\system32\hypertrm.dll
2006-07-21 19:13 343,040 D:\WINDOWS\system32\mspaint.exe
2006-07-21 19:13 33,792 D:\WINDOWS\system32\regini.exe
2006-07-21 19:13 295,424 D:\WINDOWS\system32\termsrv.dll
2006-07-21 19:13 25,600 D:\WINDOWS\system32\comaddin.dll
2006-07-21 19:13 25,088 D:\WINDOWS\system32\mtxlegih.dll
2006-07-21 19:13 227,840 D:\WINDOWS\system32\avtapi.dll
2006-07-21 19:13 225,792 D:\WINDOWS\system32\catsrv.dll
2006-07-21 19:13 22,016 D:\WINDOWS\system32\qwinsta.exe
2006-07-21 19:13 20,992 D:\WINDOWS\system32\msg.exe
2006-07-21 19:13 20,480 D:\WINDOWS\system32\qprocess.exe
2006-07-21 19:13 20,480 D:\WINDOWS\system32\mtxdm.dll
2006-07-21 19:13 19,968 D:\WINDOWS\system32\rdpsnd.dll
2006-07-21 19:13 185,344 D:\WINDOWS\system32\cmprops.dll
2006-07-21 19:13 183,808 D:\WINDOWS\system32\accwiz.exe
2006-07-21 19:13 17,408 D:\WINDOWS\system32\mmfutil.dll
2006-07-21 19:13 161,280 D:\WINDOWS\system32\msdtcuiu.dll
2006-07-21 19:13 16,896 D:\WINDOWS\system32\tsshutdn.exe
2006-07-21 19:13 16,896 D:\WINDOWS\system32\qappsrv.exe
2006-07-21 19:13 16,384 D:\WINDOWS\system32\tskill.exe
2006-07-21 19:13 16,384 D:\WINDOWS\system32\avmeter.dll
2006-07-21 19:13 15,872 D:\WINDOWS\system32\rwinsta.exe
2006-07-21 19:13 15,872 D:\WINDOWS\system32\cdmodem.dll
2006-07-21 19:13 15,360 D:\WINDOWS\system32\logoff.exe
2006-07-21 19:13 147,968 D:\WINDOWS\system32\rdchost.dll
2006-07-21 19:13 147,456 D:\WINDOWS\system32\comsnap.dll
2006-07-21 19:13 140,800 D:\WINDOWS\system32\sessmgr.exe
2006-07-21 19:13 14,848 D:\WINDOWS\system32\tsdiscon.exe
2006-07-21 19:13 14,848 D:\WINDOWS\system32\tscon.exe
2006-07-21 19:13 14,848 D:\WINDOWS\system32\shadow.exe
2006-07-21 19:13 138,752 D:\WINDOWS\system32\sndvol32.exe
2006-07-21 19:13 131,584 D:\WINDOWS\system32\sndrec32.exe
2006-07-21 19:13 13,824 D:\WINDOWS\system32\rdsaddin.exe
2006-07-21 19:13 126,976 D:\WINDOWS\system32\mshearts.exe
2006-07-21 19:13 123,392 D:\WINDOWS\system32\mplay32.exe
2006-07-21 19:13 119,808 D:\WINDOWS\system32\winmine.exe
2006-07-21 19:13 114,688 D:\WINDOWS\system32\calc.exe
2006-07-21 19:13 110,080 D:\WINDOWS\system32\clbcatex.dll
2006-07-21 19:13 11,776 D:\WINDOWS\system32\xolehlp.dll
2006-07-21 19:13 11,264 D:\WINDOWS\system32\icaapi.dll
2006-07-21 19:13 102,912 D:\WINDOWS\system32\clipbrd.exe
2006-07-21 19:13 1,267,200 D:\WINDOWS\system32\comsvcs.dll
2006-07-21 19:13 1,161 D:\WINDOWS\system32\usrlogon.cmd
2006-07-21 15:09 74,240 D:\WINDOWS\system32\usbui.dll
2006-07-21 15:08 85,020 D:\WINDOWS\system32\dgsetup.dll
2006-07-21 15:08 8,704 D:\WINDOWS\system32\batt.dll
2006-07-21 15:08 8,192 D:\WINDOWS\system32\kbdhept.dll
2006-07-21 15:08 74,752 D:\WINDOWS\system32\storprop.dll
2006-07-21 15:08 7,168 D:\WINDOWS\system32\kbdcz.dll
2006-07-21 15:08 69,120 D:\WINDOWS\NOTEPAD.EXE
2006-07-21 15:08 6,656 D:\WINDOWS\system32\kbdycl.dll
2006-07-21 15:08 6,656 D:\WINDOWS\system32\kbdsl1.dll
2006-07-21 15:08 6,656 D:\WINDOWS\system32\kbdsl.dll
2006-07-21 15:08 6,656 D:\WINDOWS\system32\kbdpl.dll
2006-07-21 15:08 6,656 D:\WINDOWS\system32\kbdhu.dll
2006-07-21 15:08 6,656 D:\WINDOWS\system32\kbdhela3.dll
2006-07-21 15:08 6,656 D:\WINDOWS\system32\kbdcz2.dll
2006-07-21 15:08 6,656 D:\WINDOWS\system32\kbdcz1.dll
2006-07-21 15:08 6,656 D:\WINDOWS\system32\kbdcr.dll
2006-07-21 15:08 6,656 D:\WINDOWS\system32\KBDAL.DLL
2006-07-21 15:08 6,144 D:\WINDOWS\system32\kbdtuq.dll
2006-07-21 15:08 6,144 D:\WINDOWS\system32\kbdtuf.dll
2006-07-21 15:08 6,144 D:\WINDOWS\system32\kbdlv1.dll
2006-07-21 15:08 6,144 D:\WINDOWS\system32\kbdlv.dll
2006-07-21 15:08 6,144 D:\WINDOWS\system32\kbdhela2.dll
2006-07-21 15:08 6,144 D:\WINDOWS\system32\kbdgkl.dll
2006-07-21 15:08 6,144 D:\WINDOWS\system32\kbdest.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdycc.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbduzb.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdur.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdtat.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdru1.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdru.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdro.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdpl1.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdmon.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdlt1.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdlt.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdkyr.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdkaz.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdhu1.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdhe319.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdhe220.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdhe.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdbu.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdblr.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdazel.dll
2006-07-21 15:08 5,632 D:\WINDOWS\system32\kbdaze.dll
2006-07-21 15:08 24,661 D:\WINDOWS\system32\spxcoins.dll
2006-07-21 15:08 176,157 D:\WINDOWS\system32\dgrpsetu.dll
2006-07-21 15:08 15,360 D:\WINDOWS\TASKMAN.EXE
2006-07-21 15:08 13,312 D:\WINDOWS\system32\irclass.dll
2006-07-21 15:08 103,424 D:\WINDOWS\system32\EqnClass.Dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-09 13:46 ------- d-------- D:\Program Files\Common Files
2006-08-09 11:34 ------- d-------- D:\Program Files\ewido anti-spyware 4.0
2006-08-09 03:05 ------- d-------- D:\Program Files\mIRC
2006-08-08 22:39 ------- d-------- D:\Program Files\Steam
2006-08-08 20:41 7363 --a------ D:\Program Files\install.log
2006-08-08 19:49 ------- d-------- D:\Program Files\Internet Explorer
2006-08-08 19:42 ------- d-------- D:\Program Files\OpenOffice.org 2.0
2006-08-08 11:53 ------- d-------- D:\Program Files\components
2006-08-05 08:59 ------- d---s---- D:\Documents and Settings\oh snap\Application Data\Microsoft
2006-08-03 00:28 959 --a------ D:\Program Files\updates.xml
2006-08-03 00:28 8322 --a------ D:\Program Files\AccessibleMarshal.dll
2006-08-03 00:28 7786 --a------ D:\Program Files\xpcom.dll
2006-08-03 00:28 7183469 --a------ D:\Program Files\firefox.exe
2006-08-03 00:28 68213 --a------ D:\Program Files\xpcom_compat.dll
2006-08-03 00:28 6768 --a------ D:\Program Files\xpistub.dll
2006-08-03 00:28 63606 --a------ D:\Program Files\xpicleanup.exe
2006-08-03 00:28 57 --a------ D:\Program Files\active-update.xml
2006-08-03 00:28 476 --a------ D:\Program Files\softokn3.chk
2006-08-03 00:28 416359 --a------ D:\Program Files\js3250.dll
2006-08-03 00:28 400496 --a------ D:\Program Files\xpcom_core.dll
2006-08-03 00:28 364654 --a------ D:\Program Files\softokn3.dll
2006-08-03 00:28 364646 --a------ D:\Program Files\nss3.dll
2006-08-03 00:28 28787 --a------ D:\Program Files\plc4.dll
2006-08-03 00:28 24686 --a------ D:\Program Files\plds4.dll
2006-08-03 00:28 237677 --a------ D:\Program Files\nssckbi.dll
2006-08-03 00:28 155758 --a------ D:\Program Files\nspr4.dll
2006-08-03 00:28 123524 --a------ D:\Program Files\updater.exe
2006-08-03 00:28 110694 --a------ D:\Program Files\ssl3.dll
2006-08-03 00:28 106602 --a------ D:\Program Files\smime3.dll
2006-08-03 00:28 ------- d-------- D:\Program Files\updates
2006-08-03 00:28 ------- d-------- D:\Program Files\uninstall
2006-08-03 00:28 ------- d-------- D:\Program Files\plugins
2006-08-03 00:28 ------- d-------- D:\Program Files\chrome
2006-08-02 12:32 ------- d-------- D:\Program Files\Sunbelt Software
2006-08-02 10:39 ------- d-------- D:\Documents and Settings\oh snap\Application Data\AdobeUM
2006-07-28 14:29 ------- d-------- D:\Program Files\Common Files\Symantec Shared
2006-07-28 13:58 ------- d-------- D:\Program Files\CleanUp!
2006-07-28 12:25 ------- d-------- D:\Program Files\Spybot - Search & Destroy
2006-07-27 19:59 ------- d-------- D:\Program Files\Norton AntiVirus
2006-07-27 19:58 40973 ---hs---- D:\WINDOWS\system32\xxyxyxy.dll
2006-07-27 19:54 ------- d-------- D:\Program Files\Microsoft.NET
2006-07-27 19:54 ------- d-------- D:\Program Files\Microsoft Office
2006-07-27 19:54 ------- d-------- D:\Program Files\Microsoft ActiveSync
2006-07-27 19:54 ------- d-------- D:\Program Files\Common Files\System
2006-07-27 19:54 ------- d-------- D:\Program Files\Common Files\Microsoft Shared
2006-07-27 19:54 ------- d-------- D:\Program Files\Common Files\DESIGNER
2006-07-27 19:20 ------- d-------- D:\Documents and Settings\oh snap\Application Data\OpenOffice.org2
2006-07-26 20:38 ------- d-------- D:\Program Files\Common Files\Adobe
2006-07-26 20:38 ------- d-------- D:\Documents and Settings\oh snap\Application Data\Adobe
2006-07-26 20:33 875 --a------ D:\Documents and Settings\oh snap\Application Data\AdobeDLM.log
2006-07-26 20:33 0 --a------ D:\Documents and Settings\oh snap\Application Data\dm.ini
2006-07-26 20:33 ------- d-------- D:\Program Files\Adobe
2006-07-25 18:03 466944 --a------ D:\WINDOWS\system32\capicom.dll
2006-07-25 13:16 ------- d-------- D:\Documents and Settings\oh snap\Application Data\Ventrilo
2006-07-23 16:39 ------- d-------- D:\Program Files\ESEA
2006-07-22 09:27 ------- d-------- D:\Program Files\Windows Media Player
2006-07-22 09:18 ------- d-------- D:\Program Files\XP Codec Pack
2006-07-22 09:02 ------- d-------- D:\Program Files\DivX
2006-07-22 03:06 ------- d-------- D:\Program Files\Messenger
2006-07-21 21:09 ------- d-------- D:\Program Files\Outlook Express
2006-07-21 21:07 ------- d-------- D:\Program Files\QuickTime
2006-07-21 21:07 ------- d-------- D:\Program Files\iTunes
2006-07-21 21:07 ------- d-------- D:\Program Files\iPod
2006-07-21 21:07 ------- d-------- D:\Documents and Settings\oh snap\Application Data\Apple Computer
2006-07-21 21:02 ------- d-------- D:\Program Files\Ventrilo
2006-07-21 21:02 ------- d-------- D:\Program Files\Common Files\Wise Installation Wizard
2006-07-21 20:58 ------- d-------- D:\Program Files\AIM
2006-07-21 20:56 ------- d-------- D:\Documents and Settings\oh snap\Application Data\Aim
2006-07-21 20:55 ------- d-------- D:\Program Files\Viewpoint
2006-07-21 20:55 ------- d-------- D:\Program Files\AOD
2006-07-21 20:52 ------- d--h----- D:\Program Files\InstallShield Installation Information
2006-07-21 20:52 ------- d-------- D:\Program Files\Creative
2006-07-21 20:51 ------- d-------- D:\Documents and Settings\oh snap\Application Data\Creative
2006-07-21 20:50 0 --a------ D:\Program Files\.autoreg
2006-07-21 20:50 ------- d-------- D:\Documents and Settings\oh snap\Application Data\Macromedia
2006-07-21 20:22 ------- d-------- D:\Program Files\Lavasoft
2006-07-21 20:22 ------- d-------- D:\Documents and Settings\oh snap\Application Data\Lavasoft
2006-07-21 20:20 ------- d-------- D:\Program Files\KCeasy
2006-07-21 20:18 30869 --a------ D:\Program Files\LICENSE
2006-07-21 20:18 2983 --a------ D:\Program Files\install_wizard.log
2006-07-21 20:18 230 --a------ D:\Program Files\browserconfig.properties
2006-07-21 20:18 177 --a------ D:\Program Files\README.txt
2006-07-21 20:18 145 --a------ D:\Program Files\updater.ini
2006-07-21 20:18 1417 --a------ D:\Program Files\install_status.log
2006-07-21 20:18 ------- d-------- D:\Program Files\searchplugins
2006-07-21 20:18 ------- d-------- D:\Program Files\res
2006-07-21 20:18 ------- d-------- D:\Program Files\greprefs
2006-07-21 20:18 ------- d-------- D:\Program Files\extensions
2006-07-21 20:18 ------- d-------- D:\Program Files\defaults
2006-07-21 20:18 ------- d-------- D:\Documents and Settings\oh snap\Application Data\Mozilla
2006-07-21 20:15 ------- d-------- D:\Documents and Settings\oh snap\Application Data\ATI
2006-07-21 20:13 ------- d-------- D:\Program Files\ATI Technologies
2006-07-21 19:36 ------- d-------- D:\Program Files\SymNetDrv
2006-07-21 19:36 ------- d-------- D:\Program Files\Symantec
2006-07-21 19:32 ------- d-------- D:\Program Files\Marvell
2006-07-21 19:32 ------- d-------- D:\Program Files\Gigabyte
2006-07-21 19:32 ------- d-------- D:\Program Files\Common Files\InstallShield
2006-07-21 19:26 ------- d-------- D:\Documents and Settings\oh snap\Application Data\Symantec
2006-07-21 19:22 4608 --a------ D:\WINDOWS\system32\drivers\symlcbrd.sys
2006-07-21 19:19 ------- d--h----- D:\Program Files\Uninstall Information
2006-07-21 19:19 ------- d-------- D:\Documents and Settings\oh snap\Application Data\Identities
2006-07-21 19:16 0 d-------- D:\WINDOWS\system32\xircom
2006-07-21 19:16 ------- d-------- D:\Program Files\xerox
2006-07-21 19:16 ------- d-------- D:\Program Files\microsoft frontpage
2006-07-21 19:15 ------- d--h----- D:\Program Files\WindowsUpdate
2006-07-21 19:15 ------- d-------- D:\Program Files\NetMeeting
2006-07-21 19:14 ------- d-------- D:\Program Files\Movie Maker
2006-07-21 19:14 ------- d-------- D:\Program Files\ComPlus Applications
2006-07-21 19:14 ------- d-------- D:\Program Files\Common Files\Services
2006-07-21 19:14 ------- d-------- D:\Program Files\Common Files\MSSoap
2006-07-21 19:13 ------- d-------- D:\Program Files\Windows NT
2006-07-21 19:13 ------- d-------- D:\Program Files\Online Services
2006-07-21 19:13 ------- d-------- D:\Program Files\MSN Gaming Zone
2006-07-21 19:13 ------- d-------- D:\Program Files\MSN
2006-07-21 15:08 ------- d-------- D:\Program Files\Common Files\SpeechEngines
2006-07-21 15:08 ------- d-------- D:\Program Files\Common Files\ODBC
2006-07-21 15:07 62 --ahs---- D:\Documents and Settings\oh snap\Application Data\desktop.ini
2006-07-14 11:31 332288 --a------ D:\WINDOWS\system32\netapi32.dll
2006-07-03 17:40 778240 --a------ D:\WINDOWS\system32\divx_xx0c.dll
2006-07-03 17:40 778240 --a------ D:\WINDOWS\system32\divx_xx07.dll
2006-07-03 17:40 761856 --a------ D:\WINDOWS\system32\divx_xx11.dll
2006-07-03 17:40 620180 --a------ D:\WINDOWS\system32\DivX.dll
2006-06-21 06:49 53248 --a------ D:\WINDOWS\system32\dpuGUI10.dll
2006-06-21 06:43 520192 --a------ D:\WINDOWS\system32\DivXsm.exe
2006-06-21 06:43 3596288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2006-06-21 06:42 200704 --a------ D:\WINDOWS\system32\ssldivx.dll
2006-06-21 06:42 1044480 --a------ D:\WINDOWS\system32\libdivx.dll
2006-06-21 06:34 90112 --a------ D:\WINDOWS\system32\dpl100.dll
2006-06-21 06:34 593920 --a------ D:\WINDOWS\system32\dpuGUI11.dll
2006-06-21 06:34 57344 --a------ D:\WINDOWS\system32\dpv11.dll
2006-06-21 06:34 344064 --a------ D:\WINDOWS\system32\dpus11.dll
2006-06-21 06:34 294912 --a------ D:\WINDOWS\system32\dpu11.dll
2006-06-21 06:34 294912 --a------ D:\WINDOWS\system32\dpu10.dll
2006-06-21 06:34 200704 --a------ D:\WINDOWS\system32\dtu100.dll
2006-06-21 06:33 12288 --a------ D:\WINDOWS\system32\DivXWMPExtType.dll
2006-06-21 06:33 118784 --a------ D:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-06-19 16:20 702768 --------- D:\WINDOWS\system32\WgaLogon.dll
2006-06-07 17:09 260096 --a------ D:\WINDOWS\system32\ati2dvag.dll
2006-06-07 17:07 307200 --a------ D:\WINDOWS\system32\atiiiexx.dll
2006-06-07 17:04 77824 --a------ D:\WINDOWS\system32\Oemdspif.dll
2006-06-07 17:04 61440 --a------ D:\WINDOWS\system32\ati2evxx.dll
2006-06-07 17:04 41984 --a------ D:\WINDOWS\system32\ati2edxx.dll
2006-06-07 17:04 26112 --a------ D:\WINDOWS\system32\Ati2mdxx.exe
2006-06-07 17:04 114688 --a------ D:\WINDOWS\system32\atipdlxx.dll
2006-06-07 17:03 409600 --a------ D:\WINDOWS\system32\ati2evxx.exe
2006-06-07 17:02 53248 --a------ D:\WINDOWS\system32\ATIDDC.DLL
2006-06-07 16:56 2754784 --a------ D:\WINDOWS\system32\ati3duag.dll
2006-06-07 16:51 1751488 --a------ D:\WINDOWS\system32\ativvaxx.dll
2006-06-07 16:46 6684672 --a------ D:\WINDOWS\system32\atioglx1.dll
2006-06-07 16:43 5050368 --a------ D:\WINDOWS\system32\atioglxx.dll
2006-06-07 16:40 204800 --a------ D:\WINDOWS\system32\atikvmag.dll
2006-06-07 16:39 17408 --a------ D:\WINDOWS\system32\atitvo32.dll
2006-06-07 16:38 290816 --a------ D:\WINDOWS\system32\ATIDEMGR.dll
2006-06-07 16:35 286720 --a------ D:\WINDOWS\system32\ati2cqag.dll
2006-06-07 16:27 520192 --------- D:\WINDOWS\system32\ati2sgag.exe
2006-05-19 08:59 94720 --a------ D:\WINDOWS\system32\iphlpapi.dll
2006-05-19 08:59 148480 --a------ D:\WINDOWS\system32\dnsapi.dll
2006-05-19 08:59 111616 --a------ D:\WINDOWS\system32\dhcpcsvc.dll
2006-05-09 22:36 6656 --------- D:\WINDOWS\system32\WdfMgr.exe
2006-05-09 22:36 6656 --------- D:\WINDOWS\system32\uWDF.exe
2006-05-09 22:26 992256 --a------ D:\WINDOWS\system32\WMNetMgr.dll
2006-05-09 22:26 97792 --a------ D:\WINDOWS\system32\wmpshell.dll
2006-05-09 22:26 9728 --a------ D:\WINDOWS\system32\LAPRXY.dll
2006-05-09 22:26 7706112 --a------ D:\WINDOWS\system32\wmploc.dll
2006-05-09 22:26 7168 --a------ D:\WINDOWS\system32\asferror.dll
2006-05-09 22:26 705024 --a------ D:\WINDOWS\system32\WMADMOD.dll
2006-05-09 22:26 564736 --a------ D:\WINDOWS\system32\WMSPDMOD.dll
2006-05-09 22:26 433152 --------- D:\WINDOWS\system32\wmpeffects.dll
2006-05-09 22:26 417280 --------- D:\WINDOWS\system32\wmdrmdev.dll
2006-05-09 22:26 4096 --a------ D:\WINDOWS\system32\wmvdmoe2.dll
2006-05-09 22:26 4096 --a------ D:\WINDOWS\system32\wmvdmod.dll
2006-05-09 22:26 4096 --a------ D:\WINDOWS\system32\wmsdmoe2.dll
2006-05-09 22:26 4096 --a------ D:\WINDOWS\system32\wmsdmod.dll
2006-05-09 22:26 4096 --a------ D:\WINDOWS\system32\MPG4DMOD.dll
2006-05-09 22:26 4096 --a------ D:\WINDOWS\system32\MP4SDMOD.dll
2006-05-09 22:26 4096 --a------ D:\WINDOWS\system32\MP43DMOD.dll
2006-05-09 22:26 4096 --------- D:\WINDOWS\system32\WMVADVE.DLL
2006-05-09 22:26 4096 --------- D:\WINDOWS\system32\WMVADVD.dll
2006-05-09 22:26 4096 --------- D:\WINDOWS\system32\wdfApi.dll
2006-05-09 22:26 36864 --a------ D:\WINDOWS\system32\WMDMPS.dll
2006-05-09 22:26 337408 --------- D:\WINDOWS\system32\wmdrmnet.dll
2006-05-09 22:26 31744 --a------ D:\WINDOWS\system32\WMDMLOG.dll
2006-05-09 22:26 306688 --a------ D:\WINDOWS\system32\MSWMDM.dll
2006-05-09 22:26 301056 --a------ D:\WINDOWS\system32\wmpdxm.dll
2006-05-09 22:26 267776 --------- D:\WINDOWS\system32\Audiodev.dll
2006-05-09 22:26 26112 --a------ D:\WINDOWS\system32\MsPMSNSv.dll
2006-05-09 22:26 237056 --a------ D:\WINDOWS\system32\wmpasf.dll
2006-05-09 22:26 221696 --a------ D:\WINDOWS\system32\wmasf.dll
2006-05-09 22:26 219648 --a------ D:\WINDOWS\system32\CEWMDM.dll
2006-05-09 22:26 218112 --a------ D:\WINDOWS\system32\wmerror.dll
2006-05-09 22:26 212480 --a------ D:\WINDOWS\system32\msnetobj.dll
2006-05-09 22:26 203776 --------- D:\WINDOWS\system32\wmpsrcwp.dll
2006-05-09 22:26 201728 --a------ D:\WINDOWS\system32\qasf.dll
2006-05-09 22:26 165376 --a------ D:\WINDOWS\system32\MsPMSP.dll
2006-05-09 22:26 1641472 --------- D:\WINDOWS\system32\wmpencen.dll
2006-05-09 22:26 155136 --a------ D:\WINDOWS\system32\wmidx.dll
2006-05-09 22:26 135680 --------- D:\WINDOWS\system32\wmpps.dll
2006-05-09 22:26 1280000 --a------ D:\WINDOWS\system32\WMSPDMOE.dll
2006-05-09 22:26 1063424 --a------ D:\WINDOWS\system32\WMADMOE.dll
2006-05-09 22:22 2463744 --a------ D:\WINDOWS\system32\wmvcore.dll
2006-05-09 21:02 84480 --a------ D:\WINDOWS\system32\logagent.exe
2006-05-09 21:01 1463808 --------- D:\WINDOWS\system32\WMVDECOD.dll
2006-05-09 21:01 1359360 --------- D:\WINDOWS\system32\WMVSDECD.dll
2006-05-09 21:00 770560 --------- D:\WINDOWS\system32\WMVSENCD.dll
2006-05-09 21:00 636928 --------- D:\WINDOWS\system32\WMVXENCD.dll
2006-05-09 21:00 546816 --------- D:\WINDOWS\system32\wmpmde.dll
2006-05-09 21:00 382976 --------- D:\WINDOWS\system32\MFPLAT.dll
2006-05-09 21:00 299520 --------- D:\WINDOWS\system32\MP4SDECD.dll
2006-05-09 21:00 241152 --------- D:\WINDOWS\system32\MPG4DECD.dll
2006-05-09 21:00 241152 --------- D:\WINDOWS\system32\MP43DECD.dll
2006-05-09 21:00 1455616 --------- D:\WINDOWS\system32\WMVENCOD.dll
2006-05-09 21:00 1350656 --a------ D:\WINDOWS\system32\drmv2clt.dll
2006-05-09 20:59 585216 --a------ D:\WINDOWS\system32\blackbox.dll
2006-05-09 20:59 513536 --------- D:\WINDOWS\system32\wmdrmsdk.dll
2006-05-09 20:59 417280 --a------ D:\WINDOWS\system32\MSSCP.dll
2006-05-09 20:59 229376 --------- D:\WINDOWS\system32\drmupgds.exe
2006-05-09 20:58 670208 --------- D:\WINDOWS\system32\wpd_ci.dll
2006-05-09 20:58 55808 --------- D:\WINDOWS\system32\wpdmtpus.dll
2006-05-09 20:58 52224 --------- D:\WINDOWS\system32\WPDShServiceObj.dll
2006-05-09 20:58 3745280 --------- D:\WINDOWS\system32\WpdShext.dll
2006-05-09 20:58 35840 --------- D:\WINDOWS\system32\wpdconns.dll
2006-05-09 20:58 345600 --------- D:\WINDOWS\system32\PortableDeviceApi.dll
2006-05-09 20:58 343552 --------- D:\WINDOWS\system32\WPDSp.dll
2006-05-09 20:58 188928 --------- D:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-05-09 20:58 168960 --------- D:\WINDOWS\system32\PortableDeviceTypes.dll
2006-05-09 20:58 144896 --------- D:\WINDOWS\system32\wpdmtp.dll
2006-05-09 20:58 13824 --------- D:\WINDOWS\system32\wpdshextautoplay.exe
2006-05-09 20:58 13312 --------- D:\WINDOWS\system32\wpdtrace.dll
2006-05-09 20:58 103424 --------- D:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-05-09 20:58 101376 --------- D:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-05-09 20:57 11264 --------- D:\WINDOWS\system32\ehETW.dll
2006-05-09 20:45 304640 --------- D:\WINDOWS\system32\MSDelta.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"D:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NVRaidService"="D:\\WINDOWS\\system32\\nvraidservice.exe"
"SoundMan"="SOUNDMAN.EXE"
"Symantec NetDriver Monitor"="D:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"ATICCC"="\"D:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"CTHelper"="CTHELPER.EXE"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunServer"="D:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"!ewido"="\"D:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060809-111535-847
R3 - URLSearchHook: (no name) - {7984BA81-763F-21B4-17FE-222755FAE9B8} - D:\WINDOWS\system32\vvhcpld.dll (file missing)

Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - oh snap.job

Completion time: Wed 08/09/2006 13:47:20.07
ComboFix ver 06.08.09 - This logfile is located at D:\ComboFix.txt

ComboFix.txt

 

Uninstall this program - ViewPoint


Then, enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.

• Tick - Show hidden files and folder
• Untick - Hide file extensions for known types
• Untick - Hide protected operating system files

Click Yes to confirm & then click OK

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

• D:\WINDOWS\system32\xxyxyxy.dll
  D:\Program Files\Viewpoint

Reboot your machine & use your machine for a bit.
Post a fresh HIjackthis log & tell me ho wthe machine is behaving now.

 

No popups yet... =D



Logfile of HijackThis v1.99.1
Scan saved at 2:59:10 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\nvraidservice.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\mIRC\mirc.exe
D:\PROGRA~1\FIREFOX.EXE
D:\Program Files\Messenger\msmsgs.exe
D:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7984BA81-763F-21B4-17FE-222755FAE9B8} - D:\WINDOWS\system32\vvhcpld.dll (file missing)
O2 - BHO: (no name) - {7FE961CC-9B80-4B84-B25F-732E8424BBF5} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NVRaidService] D:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] D:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winubg32 - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

O2 - BHO: (no name) - {7984BA81-763F-21B4-17FE-222755FAE9B8} - D:\WINDOWS\system32\vvhcpld.dll (file missing)
O2 - BHO: (no name) - {7FE961CC-9B80-4B84-B25F-732E8424BBF5} - (no file)
O20 - Winlogon Notify: winubg32 - D:\WINDOWS\

These entries needs to be fixed using HJT. But before doing so, you need to disable CounterSpy as it may intefere.
To disable CounterSpy:

• Right Click on the CounterSpy Icon located in your system tray.
• With your mouse, hover over Active Protection Status (This should be enabled)
• A menu will slide out, then right click on Disable Active Protection

Use the machine a bit more & if everything's okay, let me know.
I'll furnish you with some tips for securing the machine once we're certain that it's truly gone.

 

Okay I removed all of those. Could this be the winner?!


Logfile of HijackThis v1.99.1
Scan saved at 3:52:53 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\nvraidservice.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\mIRC\mirc.exe
D:\Program Files\Steam\steam.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\Messenger\msmsgs.exe
D:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NVRaidService] D:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] D:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\nvraidservice.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\mIRC\mirc.exe
D:\Program Files\Steam\steam.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\Messenger\msmsgs.exe
D:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NVRaidService] D:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] D:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe