Constant Warnings - The operation has been cancelled due to restrictions in effect... - Page 2

Miniia · 06-23-2008, 10:31 PM

I couldn't scan with kaspersky because it said that i don't have the latest Java, even though i do.

Did you disable a lot of services using msconfig?
No I didn't.

File has already been analysed:
MD5: 2a51f6176a685c3205f6ca5d1220d0fe
First received: 01.15.2008 17:16:31 (CET)
Date: 04.15.2008 02:42:30 (CET) [>70D]
Results: 24/32
Permalink: analisis/659dd065e2cc7fdc157562ac0f675488

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:31 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\15171C1A1D1E20.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [797B807E81828483] 15171C1A1D1E20.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebSe...veX/ofmctl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 8251 bytes

**Angelfire777** · 06-23-2008, 10:46 PM

Hi,

What browser did you use to do the kaspersky scan? If you used firefox, please use IE instead.

*please answer this question:

Quote:

*Did you turn automatic updates off?

*click start > run > msconfig

Go to the services tab then click the enable all button. That should bring back all those services.

When it asks if you want to reboot, click exit without restarting.

*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O4 - HKLM\..\Run: [797B807E81828483] 15171C1A1D1E20.exe

Close your browsers and all open windows except for HijackThis, then click "Fix checked".

Click "main menu"

Click on the tab "Misc Tools."
Click on "Delete File on Reboot."
copy and paste this - C:\WINDOWS\system32\15171C1A1D1E20.exe
HJT asks you if you want to reboot, now. Click "Yes".

Let me know how it goes.

Miniia · 06-23-2008, 11:31 PM

*Did you turn automatic updates off?
nop.

**Angelfire777** · 06-23-2008, 11:49 PM

add this then:

click start > run > copy and paste:

reg delete "HKLM\software\policies\microsoft\windows\windowsupdate\au" /v NoAutoUpdate /f

could you get kaspersky to scan now?

Miniia · 06-23-2008, 11:58 PM

After the reboot, a message popped up saying that something was change and that i should reboot the computer to undo that change. But I just cancelled out.

And I still can't scan.

Miniia · 06-24-2008, 12:02 AM

oh wait it works on firefox

Miniia · 06-24-2008, 12:10 AM

Now it says: "Starting Java applet has failed! Please go online to use this program."
Another prompt comes up saying that the program has failed to launch...

Miniia · 06-24-2008, 12:12 AM

oh I almost forgot, I was unable to uninstall the symantec software, it always stop half way I wait for a while. I mean I even went to the grocery store and came back and it wasn't done.

**Angelfire777** · 06-24-2008, 01:06 AM

Please run the tool HERE to clean all the leftovers of your Norton Antivirus..

Did you try the scan using IE? If it still won't work, use this one instead:

Go here to run an online scannner from ESET.

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems

Miniia · 06-24-2008, 03:13 PM

The scan keeps stoping on this file: C:\Documents and Settings\All Users\Application Data\...\APQB.tmp

**Angelfire777** · 06-24-2008, 03:22 PM

Which scan are you referring to?

The file may be big and so the scan will take some time. Please try to wait for it and if it continues to stop there for a long time, let me know.

Miniia · 06-24-2008, 04:43 PM

KasperSky won't even open in IE because it can't start the Java Applet. However, in Firefox it downloads those updates needed, but the acutal scan doesn't take place because of the same reason, Java Applet won't start. And I've redownloaded Java and it still won't work.

The Eset Scan starts and everything, however, it stops on that file I mentioned prior. I search for that file and discovered it was in a Symantec folder.

About the Symantec Antivirius, the link you gave me doesn't uninstall symantec, only norton. I discovered this because when I used the Norton Removal Tool in safe mode (it wouldn't work normally) it said that Symantec had to be uninstalled through the "Add/Remove Programs" in the Control Panel. Oddly enough, when I tried to uninstall it again it said there was a fatal error due to a file called: APQA.tmp . weird huh? Sorry about having such a weirdo computer...

**Angelfire777** · 06-25-2008, 08:00 PM

Please try to delete that APQA.tmp file and see if symantec av would uninstall correctly. If it won't work, please let me know what kind of symantec av is installed (ie. Exact name of product and version)

Miniia · 06-25-2008, 11:16 PM

I have Symantec Antivirus
Full Version: 10.0.2.2000

I found this to manually uninstall Symantec.
http://service1.symantec.com/SUPPORT...05050210381448

Should i use it?

**Angelfire777** · 06-25-2008, 11:51 PM

Yes, that's the right one. The procedure requires a lot of registry editing. A little mistake could be fatal.

Have you tried deleting that APQA.tmp file first before uninstalling? If it won't work, I'm going to make a batch file to automate the process for you.

Miniia · 06-26-2008, 10:39 AM

that file is missing.

**Angelfire777** · 06-26-2008, 11:21 AM

Make sure your machine is configured to show hidden files:

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

If the file still isn't there, please try to reinstall the program then uninstall it.

If that doesn't work, then we will attempt to remove it manually.

Miniia · 06-27-2008, 07:54 AM

I uninstalled symantec manually. Luckily, it has an option to backup the registry before doing anything! I used the back up once because I accidently deleted something. Everything's ok now.

Eset Scan ---

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3222 (20080626)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=be911c2282cafe408c18bc8b1bc1a60e
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-06-27 08:45:10
# local_time=2008-06-27 03:45:10 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=391152
# found=337
# scan_time=8952
C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application 68FBA6AB00E8A0C0CB5191D7B0A76EA2
C:\AOL Instant Messenger\AIM.exe »WISE »MiniBugTransporter.EXE Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\AOL Instant Messenger\AIM.exe »WISE »MiniBugTransporter.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\Documents and Settings\Family\Application Data\Microsoft\Windows\qhrvpomu.exe Win32/Agent.NUG trojan 7B1DE9D82DAFAEB90AE757EDE2299F2B
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-3ed9fd92-4edf9c97.class Java/TrojanDownloader.OpenStream.NAC trojan DBEE24E93B7EFBC279DAA14F64E9575E
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-35070db3-6c3f2a92.class Java/TrojanDownloader.OpenStream.NAC trojan E4DEF9504FB160D876CA9A45D01E87D2
C:\Program Files\AIM\MiniBugTransporter.EXE Win32/Adware.WBug.A application E0D92AC5FDD264E4ED40D45C75934F1B
C:\Program Files\AIM\MiniBugTransporter.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\Program Files\AIM\WxBug.EXE Win32/Adware.WBug.A application E0D92AC5FDD264E4ED40D45C75934F1B
C:\Program Files\AIM\WxBug.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application E0D92AC5FDD264E4ED40D45C75934F1B
C:\Program Files\AIM\Sysfiles\WxBug.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll Win32/Adware.WBug.A application 5CB0279BC8B35D99E79764293D279C85
C:\QooBox\Quarantine\catchme2008-06-21_153247.10.zip Win32/Agent.NUG trojan 08F69815878D407951AA6EDBCA2BBA11
C:\QooBox\Quarantine\catchme2008-06-21_153247.10.zip »ZIP »SpeedRunner.exe Win32/Agent.NUG trojan 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Documents and Settings\Family\Application Data\SpeedRunner\SRUninstall.exe.vir Win32/Agent.NUG trojan 1AC39AEA6B22CDB4E6ED0C75F1D83467
C:\QooBox\Quarantine\C\Documents and Settings\Family\Application Data\WinTouch\WinTouch.exe.vir Win32/Agent.NVS trojan 4CCC08FB3CE7EAD370A0F9DA32F020E7
C:\QooBox\Quarantine\C\Documents and Settings\Family\Application Data\WinTouch\WTUninstaller.exe.vir Win32/Agent.NVS trojan 6E13E72A172C38497DBF3A6E4FA179D5
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir a variant of Win32/TrojanDownloader.PurityScan trojan FF8FB4B45F333F2C982CF0704904857D
C:\QooBox\Quarantine\C\Program Files\MapEDC\MapEDC.exe.vir probably a variant of Win32/Adware.Agent.NIV application 76FDB0F249513F9E1F4A58C081F890B6
C:\QooBox\Quarantine\C\Program Files\Svconr\Svconr.exe.vir a variant of Win32/Adware.Agent.NIV application AC2A8793B28119235B6E37273325A93D
C:\QooBox\Quarantine\C\Program Files\Temporary\kernInstall.exe.vir a variant of Win32/TrojanDropper.Agent.NJY trojan 9A0CB0EDEEA2042B2FC346E80B9747A8
C:\QooBox\Quarantine\C\Program Files\Words\UnInstall.exe.vir probably a variant of Win32/Adware.Agent application 6A8B00E28E6800581B3B527A5CD4DEF8
C:\QooBox\Quarantine\C\Program Files\Words\Words.exe.vir probably a variant of Win32/Adware.Agent application BF9ED3F0041FBBAF6035994A2D7B8357
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Win32/TrojanDownloader.Agent.HJV trojan 4BB6976E12FE323F07DF7C3F7D0759C8
C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir Win32/Rootkit.Agent.NFL trojan D43B23ECF68365A37EF565F70D356738
C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir »NSIS »install.exe Win32/Rootkit.Agent.NFL trojan 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\b138.exe.vir a variant of Win32/TrojanDropper.Agent.NJY trojan D7CED9044A749B75B0E3E57B0F16D951
C:\QooBox\Quarantine\C\WINDOWS\b143.exe.vir a variant of Win32/TrojanDropper.Agent.NJY trojan A69017C2C9B94054FD0E9F9DAB68EA65
C:\QooBox\Quarantine\C\WINDOWS\b147.exe.vir Win32/TrojanDownloader.Agent.FJN trojan 548F182C4E9C885BE54D2585CECC6BC2
C:\QooBox\Quarantine\C\WINDOWS\b151.exe.vir Win32/TrojanDownloader.Agent.FJN trojan 79AEF1C43A48236C5D750B31A4DB3D10
C:\QooBox\Quarantine\C\WINDOWS\b152.exe.vir a variant of Win32/TrojanDropper.Agent.NJY trojan EA1BC020306731DDD0F4CB03DE31FBD4
C:\QooBox\Quarantine\C\WINDOWS\b153.exe.vir a variant of Win32/TrojanDropper.Agent.NJY trojan 1992D28D50DD20E17DDF3953C2D2D9E6
C:\QooBox\Quarantine\C\WINDOWS\b154.exe.vir a variant of Win32/TrojanDropper.Agent.NJY trojan E7DD4783F6B250CE78273A39A6FF3D2B
C:\QooBox\Quarantine\C\WINDOWS\b155.exe.vir a variant of Win32/TrojanDropper.Agent.NJY trojan 5AD4C2D2BE059BF390D715322B71890A
C:\QooBox\Quarantine\C\WINDOWS\b156.exe.vir a variant of Win32/TrojanDropper.Agent.NJY trojan DF170277F0C46764A76777E431ACD2F5
C:\QooBox\Quarantine\C\WINDOWS\b157.exe.vir Win32/TrojanDropper.Agent.NJY trojan 822ECEB8D273F99BB3AB95168CDE7C09
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Win32/TrojanDownloader.Agent.BLS trojan EE75B3C234BBEB21DC3AF90530CA43C1
C:\QooBox\Quarantine\C\WINDOWS\mrofinu77.exe.tmp.vir Win32/TrojanDownloader.Agent.BLS trojan 62D75E11C51108E796BADA08E9E6B540
C:\QooBox\Quarantine\C\WINDOWS\mrofinu77.exe.vir Win32/TrojanDownloader.Agent.BLS trojan 62D75E11C51108E796BADA08E9E6B540
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\absmbuyh.dll.vir Win32/Adware.Virtumonde application 1D0503BFCAEE7D6DCB6E7A7009C04DEB
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\agecfksy.dll.vir Win32/Adware.AdMedia application 3B3978026DFDD61387CD436448E07ECA
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\avtnrncx.dll.vir Win32/Adware.AdMedia application C2C537426C09FE36068CA4E1E8D152C9
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bdwcjeud.dll.vir Win32/Adware.Virtumonde application 039F864268AF47A6D5D159547260199A
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bnxisbhn.dll.vir Win32/BHO.NDF trojan C9669D55ED3C6359A55BCB9B038E4DA6
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\byxxvww.dll.vir Win32/Adware.Virtumonde application 790BE14E98A90BF7A19EB0106DA247BA
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cidrnwqn.dll.vir Win32/Adware.AdMedia application F14E7A0904024418C1AB500FD18717B5
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\csjlmxmq.dll.vir Win32/Adware.Virtumonde application 697055BAA9FF2D02D40B61CF3FD7BE69
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cutjgqmc.dll.vir Win32/Adware.AdMedia application 56FA187EA68629A9F73515631448820C
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ddcbywt.dll.vir Win32/Adware.Virtumonde application 001AE1C8740DC2C03C0E49F4B8871DE6
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dmmlnryk.dll.vir Win32/Adware.AdMedia application 0AAD723C107979DE21876D1A64D05B66
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dpqoiohj.dll.vir Win32/BHO.NCC trojan 4454F871B10124D3A9C91C4E90BF558A
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dsdairwq.dll.vir Win32/Adware.AdMedia application 4FF52580C7CE6A71F4FBD07A56DB105C
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dudfhofx.dll.vir Win32/Adware.AdMedia application 5CE95B6A43F0D08189904CF46E645749
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\eempdvap.dll.vir Win32/Adware.AdMedia application 40084AAB860A521D7B3E1FB2ACA8F7EE
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\efcdbxu.dll.vir Win32/Adware.Virtumonde application 790BE14E98A90BF7A19EB0106DA247BA
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\efcdede.dll.vir Win32/Adware.Virtumonde application 267325A94452D60EBA7D64DE2E7266D5
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\emdhwxym.dll.vir Win32/Adware.Virtumonde application D037A97C461201295AB6046A18B8BEA1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\etbmkdpu.dll.vir Win32/Adware.Virtumonde application F3E731BD0D618EE68EF2DE99E77916CD
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fccdbxu.dll.vir probably a variant of Win32/TrojanDownloader.Agent trojan A7C489C5C5AFBF3CE2A27029DD35757B
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fccpimsd.dll.vir Win32/Adware.AdMedia application A9BC464A066F65E7ED7749D36CFC4A76
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fjgoyyxt.dll.vir Win32/Adware.Virtumonde application F3E731BD0D618EE68EF2DE99E77916CD
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fnudujds.dll.vir Win32/Adware.AdMedia application A9BC464A066F65E7ED7749D36CFC4A76
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fplcwidw.dll.vir Win32/Adware.Virtumonde application 0DCD2B8CF79902A6D3D15DBC37154B1B
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fwkexphx.dll.vir Win32/Adware.Virtumonde application 039F864268AF47A6D5D159547260199A
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fyrpbaiu.dll.vir Win32/Adware.AdMedia application 19122F24B93C3E4174FDE77D658A88F9
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gebyxur.dll.vir probably a variant of Win32/TrojanDownloader.Agent trojan A7C489C5C5AFBF3CE2A27029DD35757B
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gemmshum.exe.vir Win32/PrivacySet.B trojan 388EECF06938E583AB8AC6D32D699611
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\golyunyi.dll.vir Win32/BHO.NCC trojan 7DF188A08A5799785B2A1F59C17E0993
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gqwflror.dll.vir Win32/Adware.AdMedia application C2C537426C09FE36068CA4E1E8D152C9
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hggdaaw.dll.vir Win32/Adware.Virtumonde application 9498A3889962623E7DB92544FFEFB2FE
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\htlibftc.dll.vir Win32/Adware.AdMedia application 09F62FA16272CF17C32786E20F486BAF
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iatswpre.dll.vir Win32/Adware.Virtumonde application 4E9B2BF990AAB1FF50AFEA469A8C556F
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iaxtuixv.dll.vir Win32/Adware.AdMedia application BDC6E0BA4071751036EDA993F51D9337
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\idancalb.dll.vir Win32/Adware.AdMedia application C2C537426C09FE36068CA4E1E8D152C9
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\igknghhf.dll.vir Win32/Adware.Virtumonde application F3E731BD0D618EE68EF2DE99E77916CD
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ijrodqmw.dll.vir Win32/BHO.G trojan 28EFEF81BFF671EE1F7395F2CB35BD46
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ijvsjtnx.dll.vir Win32/Adware.Virtumonde application 0DCD2B8CF79902A6D3D15DBC37154B1B
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iolabahx.dll.vir Win32/Adware.AdMedia application C2C537426C09FE36068CA4E1E8D152C9
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\joswffal.dll.vir Win32/Adware.Virtumonde application 945ABFAD3DFA006D4DC7689F3D0A17FB
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jxdixatt.dll.vir Win32/BHO.NCC trojan A6B40EDB54F830D44EACBC73570D2799
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jyeygdox.dll.vir Win32/Adware.AdMedia application C2C537426C09FE36068CA4E1E8D152C9
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kaqlxxsn.dll.vir Win32/Adware.Virtumonde application F3E731BD0D618EE68EF2DE99E77916CD
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kkvvkyjx.exe.vir Win32/PrivacySet.B trojan 388EECF06938E583AB8AC6D32D699611
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lhimtxdq.dll.vir Win32/Adware.AdMedia application C2C537426C09FE36068CA4E1E8D152C9
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ljjghfd.dll.vir Win32/Adware.Virtumonde application 2A1E8FE71E9D84A53A35FF0B7C47ED21
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lkqoolwj.dll.vir Win32/Adware.AdMedia application 797923CA191E78C759351B3A65B43658
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lmdxvwhm.dll.vir Win32/Small.NDR trojan 6B7231EFA02595C6E8F14D2B12B2BED1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lsqimooa.dll.vir Win32/Adware.Virtumonde application C128B86941D9FDB13219727043746E8C
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\luvfwrua.dll.vir Win32/Adware.Virtumonde application B96C199D897D8DEA7515C57587199699
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lyfyjkkl.dll.vir Win32/Adware.AdMedia application C2C537426C09FE36068CA4E1E8D152C9
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mflbwfrg.dll.vir Win32/Adware.Virtumonde application F3E731BD0D618EE68EF2DE99E77916CD
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mkhyfpax.dll.vir Win32/Adware.AdMedia application 40084AAB860A521D7B3E1FB2ACA8F7EE
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mmurrqdg.dll.vir Win32/BHO.NCC trojan B7B2373E5E2136A5E1AF773993F3C173
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mwqtimma.dll.vir Win32/Adware.Virtumonde application 039F864268AF47A6D5D159547260199A
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mwsllsnm.dll.vir Win32/BHO.NCC trojan DE362927E188FF0506B490E2896476FD
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nanohged.dll.vir Win32/Adware.Virtumonde application 945ABFAD3DFA006D4DC7689F3D0A17FB
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nimwqthf.dll.vir Win32/Adware.Virtumonde application 8DFD0BF3ADDF94EED2D599BD9CA410B4
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nkqynlyl.dll.vir Win32/Adware.Virtumonde application 039F864268AF47A6D5D159547260199A
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\npavsepc.dll.vir Win32/Small.NDR trojan 6B7231EFA02595C6E8F14D2B12B2BED1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nvodpsiy.dll.vir Win32/Adware.Virtumonde application 55DECC5EDC9B1521A64440E421B629CA
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\oepnfggx.dll.vir Win32/Adware.Virtumonde application 879D3D702721A32114E5ADC3BD87637A
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ojlbitpj.dll.vir Win32/BHO.NCC trojan BB9450268B0963CD805682FB3E67166C
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\opnkljj.dll.vir Win32/Adware.Virtumonde application 2F58272CC8B752661643E56878CE72DF
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\opnmkig.dll.vir Win32/Adware.Virtumonde application 790BE14E98A90BF7A19EB0106DA247BA
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\osgebyho.dll.vir Win32/Adware.Virtumonde application 45473D1D64569C8AEBF332696FE8B694
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ovowxxrv.dll.vir Win32/BHO.NCC trojan 7FC1AE152AFB8EC2535FF294CA199EE8
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\psrwkbqr.dll.vir Win32/Adware.Virtumonde application B4BB64C830FE8D81AA1D9A78D2CD9F8C
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ptbjgeds.dll.vir Win32/Adware.AdMedia application C2C537426C09FE36068CA4E1E8D152C9
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qiqpvssw.dll.vir Win32/Adware.Virtumonde application 925ECD4833C2596CAFB9A0EE504BD99F
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qommjij.dll.vir Win32/Adware.Virtumonde application A8DF1D39EA45217D4ACFFAAB9F012A84
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rfxmmxom.dll.vir Win32/Adware.Virtumonde application 2049FFB027C4B4F8FA07910641BF6A69
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rgbsctar.dll.vir Win32/Adware.AdMedia application C2C537426C09FE36068CA4E1E8D152C9
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rjjcmrdw.dll.vir Win32/Adware.AdMedia application C9678F69256AC108CE275D69D2C5457D
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\scicsnqr.dll.vir Win32/Adware.AdMedia application C2C537426C09FE36068CA4E1E8D152C9
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\skmkkhpd.dll.vir Win32/Adware.AdMedia application E5B4B7F80EF0B711D1417A9FA3164239
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\srhlphbo.dll.vir Win32/Adware.AdMedia application 3B3978026DFDD61387CD436448E07ECA
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sursddyy.dll.vir Win32/Adware.AdMedia application 1A91E6C1A8DAD4964679BAC11872D1FD
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tbgwcvmq.dll.vir Win32/BHO.NEH trojan B03C53501B324BCE60F9A7A4E4D3987A
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tpfrhxjp.dll.vir Win32/BHO.NCC trojan 57D67105FA164EB97FFD2A3AFB5E0D45
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tslgqxvh.exe.vir Win32/PrivacySet.B trojan 388EECF06938E583AB8AC6D32D699611
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\twtsadur.dll.vir Win32/Adware.AdMedia application F5F8ED841F3CEA895CD337B48CEBA3B0
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ubhbfsfo.dll.vir Win32/Adware.AdMedia application 56FA187EA68629A9F73515631448820C
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ufkcalod.exe.vir Win32/PrivacySet.B trojan 388EECF06938E583AB8AC6D32D699611
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uhtnxhpd.dll.vir Win32/Adware.Virtumonde application 29EF3A80E552898F3F3AFF35003309E0
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uigicala.dll.vir Win32/Adware.Virtumonde application F3E731BD0D618EE68EF2DE99E77916CD
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\upwurnmd.dll.vir Win32/Adware.AdMedia application F4451826966CE89AC60E611BB230B925
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uughysjh.dll.vir Win32/Adware.AdMedia application 40084AAB860A521D7B3E1FB2ACA8F7EE
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uulprhln.dll.vir Win32/Adware.Virtumonde application 945ABFAD3DFA006D4DC7689F3D0A17FB
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uykurawl.dll.vir Win32/Adware.AdMedia application 3ED795A0F7B378DD38861071AC9868F2
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vgaihxkh.dll.vir Win32/Adware.Virtumonde application F3E731BD0D618EE68EF2DE99E77916CD
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vtbsfidj.dll.vir Win32/Adware.AdMedia application 40084AAB860A521D7B3E1FB2ACA8F7EE
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vtutqom.dll.vir Win32/Adware.Virtumonde application 2F58272CC8B752661643E56878CE72DF
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vxjoknwt.dll.vir Win32/BHO.NCC trojan 4454F871B10124D3A9C91C4E90BF558A
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wbsenaxy.dll.vir Win32/Adware.Virtumonde application 0DCD2B8CF79902A6D3D15DBC37154B1B
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wfqlarri.dll.vir Win32/Adware.AdMedia application DEF0C0B8DDD2BECDE2995F0E606C2C2E
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wjohgwra.dll.vir Win32/Adware.AdMedia application 3ED795A0F7B378DD38861071AC9868F2
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\woulioxq.dll.vir Win32/BHO.NCC trojan 84C6466C6524ACA7C0DD7EB40B9EE574
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wqtbwsob.dll.vir Win32/BHO.NCC trojan 355378A241A75B90577D99CF13AC71BB
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wvursrr.dll.vir Win32/Adware.Virtumonde application 8D63072F655AD11BABC6567E53756A9E
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wvutrsr.dll.vir Win32/Adware.Virtumonde application 2F58272CC8B752661643E56878CE72DF
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xhyjeylm.dll.vir Win32/Adware.Virtumonde application B4BB64C830FE8D81AA1D9A78D2CD9F8C
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xxyxwvu.dll.vir Win32/Adware.Virtumonde application 790BE14E98A90BF7A19EB0106DA247BA
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ylujosos.dll.vir Win32/Adware.Virtumonde application 039F864268AF47A6D5D159547260199A
C:\RECYCLER\S-1-5-21-487496076-1944916564-1425980510-1006\Dc17.exe probably a variant of Win32/Adware.RogueApp application 267AA6A07FAE3CBF595E40B0F0BE18FC
C:\RECYCLER\S-1-5-21-487496076-1944916564-1425980510-1006\Dc37.exe Win32/Adware.AVSystemCare application D54AD27EEAFDEBDFA52957BD95CFC1F0
C:\RECYCLER\S-1-5-21-487496076-1944916564-1425980510-1006\Dc45.exe Win32/Adware.AdvancedCleaner application 81CF9B2FF076E1BB16B8C4C2F2E9473C
C:\RECYCLER\S-1-5-21-487496076-1944916564-1425980510-1006\Dc54\7.5\APTemp\APQC.tmp Win32/Agent.BCK trojan 5E983296A10D958AB68957F9F5018CF1
C:\RECYCLER\S-1-5-21-487496076-1944916564-1425980510-1006\Dc54\7.5\APTemp\APQD.tmp Win32/Agent.BCK trojan 5E983296A10D958AB68957F9F5018CF1
C:\WINDOWS\tsitra77.exe.tmp Win32/TrojanDownloader.Agent.BLS trojan 55E5479AC4B260F129BE06949DF476E8
C:\WINDOWS\SYSTEM32\adyhcwkw.dll Win32/BHO.G trojan 3C73778C3DB1220F5A7BEAD80E1E7977
C:\WINDOWS\SYSTEM32\aegklpjf.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\aheklywo.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\amnydsww.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\apqlpjev.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\arcyxttt.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\atnbwrhl.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\bbhtwphm.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\bbthuubb.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\belrvntd.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\bkfitcks.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\bqkopyxu.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\casemiwf.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\ccfvftbp.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ceebaavv.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\cheloqut.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\ckavnfph.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\conxtxmx.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\crwarrlj.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\dcdmqfuw.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\djoukmcs.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\dnrjkftd.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\dtngfefg.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\dtxxrsdm.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ebhxnvri.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\edyktiei.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\egsewocu.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\egyrcfkk.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\ehimteye.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\ejfxjyun.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ekupnlfp.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\elotvodo.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\estxroyy.dll Win32/BHO.G trojan ABDDE0852C42C3C5D59444C597ECBDDA
C:\WINDOWS\SYSTEM32\eykpnpqp.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\fauktgtq.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ffcfordi.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\fnocxkju.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\foacxmrj.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\fsofqpwn.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ftwfqhnp.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\fupdoaku.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\fyqbbrfp.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\gcvrdftm.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\gegjtxdj.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\geldqclc.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\ggehprni.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\ghyggbld.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\gigasmls.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\gjtxwnmb.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\gpoajdpk.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\hempoyro.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\hhnvwvna.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\hjdiajjh.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\hmsqrntu.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\hqqukapk.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\hsbwtxhp.dll Win32/BHO.G trojan 6BD68F54764663DAAEDD24F8A1926757
C:\WINDOWS\SYSTEM32\hsybgyvs.dll Win32/BHO.G trojan 9BF87D9974BCE377056721815CF16A50
C:\WINDOWS\SYSTEM32\htxekedl.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\hvedbcur.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\hvuiqfuf.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\hyyrjogh.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\icvnaryl.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\idsatwms.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\ihcrqxhv.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ihsrjaso.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\ilwhxbgb.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\inowhryn.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\irmenfpt.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\jalushun.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\jpxykboa.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\jxwxsbxx.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\jyucxknm.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\kapbdtgo.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\kcbejojv.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\kklonqnb.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\kpqwpxvd.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\kykqaogt.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\laanhuse.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ldgmerkc.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\lksmufhq.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\llcwyvtv.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\llidadfo.dll Win32/BHO.G trojan D82DAC8EEC58134A398446BFBAEA2EC1
C:\WINDOWS\SYSTEM32\lmcdrvpp.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\lulsjsfd.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\lxdhlplb.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\mchxwkbx.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\mesjwcit.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\mfvwtbyq.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\mgqiprub.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\miwwoubj.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\mvvpputy.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\mxglkiqb.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\myerdioh.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\nccgsnen.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\nceubdjd.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\ndmmjhjh.dll Win32/BHO.G trojan ABDDE0852C42C3C5D59444C597ECBDDA
C:\WINDOWS\SYSTEM32\neegtxey.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\ngcvhfgf.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\nss8.dll Win32/BHO.NCZ trojan 1727958C8B8CE26C21DA459FE766D228
C:\WINDOWS\SYSTEM32\nxemobet.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\nyeuetna.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ocbmmhrc.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\occvfirw.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\ockkgkrh.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\odxdhaqw.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ojshoufh.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\olfjxfux.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\oxtnopxs.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\pfvjnild.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\phxxjpca.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\piwuibmj.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\pmnonnl.dll Win32/Adware.Virtumonde application 56F180294D5D47128936F9A34318A83B
C:\WINDOWS\SYSTEM32\pqcynlci.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\pudxiwqv.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\pwclcvjv.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\pxvcstal.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\pyrrvwga.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\qfjmtgmc.dll Win32/BHO.G trojan ABDDE0852C42C3C5D59444C597ECBDDA
C:\WINDOWS\SYSTEM32\qjuiyjuk.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\qppuuggo.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\qsehjtea.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\qukepipl.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\qxaumsqd.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\rdmnehmn.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\riiaobox.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\rkcfperd.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\rma***ru.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\rnaqhobc.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\rnbrmcla.dll Win32/BHO.NBE trojan C0EA5B72B54E2B3FFF2A215E08BD6E4B
C:\WINDOWS\SYSTEM32\rqkjftbx.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\sarnmtcj.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\sbogcrdy.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\sjnpoate.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\sjsxdnsk.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\smgplxlw.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\sqltjlrq.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\suacnqst.dll Win32/BHO.G trojan 13894B62BDD841F8D936E2F59FBD4556
C:\WINDOWS\SYSTEM32\sunbnvqw.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\thgrfsxc.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\tkmwqowe.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\tlvesbxq.dll Win32/BHO.G trojan 3C73778C3DB1220F5A7BEAD80E1E7977
C:\WINDOWS\SYSTEM32\tmdjuqcl.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\tnwnmgdj.dll Win32/BHO.G trojan E19267BE1BEEF4B0C44720F58ED10DA7
C:\WINDOWS\SYSTEM32\tqlxbopc.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\tuoqkjbf.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\tuugqpfp.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\twriqlwm.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ufgynrlu.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\uglufxpy.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ugpidjts.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ukujtiqf.dll Win32/Adware.Virtumonde application F557D16D84D1BB45B4FAAF84022DB931
C:\WINDOWS\SYSTEM32\upgpbikj.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\upvrbkvh.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\vagaedmm.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\vcxjkapd.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\vgqkqkdn.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\vhvicduo.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\vlkpevvd.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\vpdyobsp.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\vpjrrely.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\vqvotmyd.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\vtuvsqn.dll Win32/Adware.Virtumonde application BBD59BEBBCEBD47AA0850C136BD4F3D8
C:\WINDOWS\SYSTEM32\vxcdbixs.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\vxsoxwii.dll Win32/BHO.G trojan 99BB8D7C88F94580B4100B111AF29F0C
C:\WINDOWS\SYSTEM32\wfnhjjqr.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\wgjlctwx.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\wgrkwjgi.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\wopfgxjn.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\wpaiapxw.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\wpqyyifg.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\wqquhpvu.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\wrcafrxn.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\wrrwvrpw.dll Win32/BHO.G trojan 81F219D802CE0FD54C6EBA6691D3B95B
C:\WINDOWS\SYSTEM32\wvipvpec.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\wxiqdfjd.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\wxmvpuyt.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\xinlokmy.dll Win32/BHO.G trojan 52FDA1BAE32B2BDEF8D03097AC048C0D
C:\WINDOWS\SYSTEM32\xxvikydb.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\yhimkaid.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\yjkkxyqs.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ypipywpa.exe Win32/Adware.Ezula application 5A4AB34F263527ADD334AA10F1652765
C:\WINDOWS\SYSTEM32\ypwkjaad.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\ysjkxqst.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\yttoadak.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\yuycvgjf.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568
C:\WINDOWS\SYSTEM32\yycbyovo.dll Win32/BHO.G trojan ABDDE0852C42C3C5D59444C597ECBDDA
C:\WINDOWS\SYSTEM32\yymvjlfe.exe Win32/Adware.Ezula application FFDD38BFD9186A7BEA26A6214D36C568

HiJack This ----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:07 AM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebSe...veX/ofmctl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 9340 bytes

I just think my computer is a bit slow, that's all.

**Angelfire777** · 06-27-2008, 02:01 PM

Hi,

That is exactly why I planned to automate the manual uninstall. but since you fixed it, no need for that. Good job

I see you have chosen to install weatherbug through AIM. Weatherbug is a heavily adware supported program and it has a dubious reputation. I recommend you reinstall AIM and choose to not install weatherbug when you are asked.

delete these folders first if you decide to reinstalled AIM:

C:\Program Files\AIM
C:\Program Files\AWS
_________

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
_________

Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type clean.bat in the File name and save it to your desktop.

Code:

@echo off 
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in ( 
"C:\Documents and Settings\Family\Application Data\Microsoft\Windows\qhrvpomu.exe"
"C:\WINDOWS\tsitra77.exe.tmp"
"C:\WINDOWS\SYSTEM32\adyhcwkw.dll"
"C:\WINDOWS\SYSTEM32\aegklpjf.exe"
"C:\WINDOWS\SYSTEM32\aheklywo.exe"
"C:\WINDOWS\SYSTEM32\amnydsww.exe"
"C:\WINDOWS\SYSTEM32\apqlpjev.exe"
"C:\WINDOWS\SYSTEM32\arcyxttt.exe"
"C:\WINDOWS\SYSTEM32\atnbwrhl.exe"
"C:\WINDOWS\SYSTEM32\bbhtwphm.exe"
"C:\WINDOWS\SYSTEM32\bbthuubb.exe"
"C:\WINDOWS\SYSTEM32\belrvntd.exe"
"C:\WINDOWS\SYSTEM32\bkfitcks.exe"
"C:\WINDOWS\SYSTEM32\bqkopyxu.exe"
"C:\WINDOWS\SYSTEM32\casemiwf.exe"
"C:\WINDOWS\SYSTEM32\ccfvftbp.exe"
"C:\WINDOWS\SYSTEM32\ceebaavv.exe"
"C:\WINDOWS\SYSTEM32\cheloqut.exe"
"C:\WINDOWS\SYSTEM32\ckavnfph.exe"
"C:\WINDOWS\SYSTEM32\conxtxmx.exe"
"C:\WINDOWS\SYSTEM32\crwarrlj.exe"
"C:\WINDOWS\SYSTEM32\dcdmqfuw.exe"
"C:\WINDOWS\SYSTEM32\djoukmcs.exe"
"C:\WINDOWS\SYSTEM32\dnrjkftd.exe"
"C:\WINDOWS\SYSTEM32\dtngfefg.exe"
"C:\WINDOWS\SYSTEM32\dtxxrsdm.exe"
"C:\WINDOWS\SYSTEM32\ebhxnvri.exe"
"C:\WINDOWS\SYSTEM32\edyktiei.exe"
"C:\WINDOWS\SYSTEM32\egsewocu.exe"
"C:\WINDOWS\SYSTEM32\egyrcfkk.exe"
"C:\WINDOWS\SYSTEM32\ehimteye.exe"
"C:\WINDOWS\SYSTEM32\ejfxjyun.exe"
"C:\WINDOWS\SYSTEM32\ekupnlfp.exe"
"C:\WINDOWS\SYSTEM32\elotvodo.exe"
"C:\WINDOWS\SYSTEM32\estxroyy.dll"
"C:\WINDOWS\SYSTEM32\eykpnpqp.exe"
"C:\WINDOWS\SYSTEM32\fauktgtq.exe"
"C:\WINDOWS\SYSTEM32\ffcfordi.exe"
"C:\WINDOWS\SYSTEM32\fnocxkju.exe"
"C:\WINDOWS\SYSTEM32\foacxmrj.exe"
"C:\WINDOWS\SYSTEM32\fsofqpwn.exe"
"C:\WINDOWS\SYSTEM32\ftwfqhnp.exe"
"C:\WINDOWS\SYSTEM32\fupdoaku.exe"
"C:\WINDOWS\SYSTEM32\fyqbbrfp.exe"
"C:\WINDOWS\SYSTEM32\gcvrdftm.exe"
"C:\WINDOWS\SYSTEM32\gegjtxdj.exe"
"C:\WINDOWS\SYSTEM32\geldqclc.exe"
"C:\WINDOWS\SYSTEM32\ggehprni.exe"
"C:\WINDOWS\SYSTEM32\ghyggbld.exe"
"C:\WINDOWS\SYSTEM32\gigasmls.exe"
"C:\WINDOWS\SYSTEM32\gjtxwnmb.exe"
"C:\WINDOWS\SYSTEM32\gpoajdpk.exe"
"C:\WINDOWS\SYSTEM32\hempoyro.exe"
"C:\WINDOWS\SYSTEM32\hhnvwvna.exe"
"C:\WINDOWS\SYSTEM32\hjdiajjh.exe"
"C:\WINDOWS\SYSTEM32\hmsqrntu.exe"
"C:\WINDOWS\SYSTEM32\hqqukapk.exe"
"C:\WINDOWS\SYSTEM32\hsbwtxhp.dll"
"C:\WINDOWS\SYSTEM32\hsybgyvs.dll"
"C:\WINDOWS\SYSTEM32\htxekedl.exe"
"C:\WINDOWS\SYSTEM32\hvedbcur.exe"
"C:\WINDOWS\SYSTEM32\hvuiqfuf.exe"
"C:\WINDOWS\SYSTEM32\hyyrjogh.exe"
"C:\WINDOWS\SYSTEM32\icvnaryl.exe"
"C:\WINDOWS\SYSTEM32\idsatwms.exe"
"C:\WINDOWS\SYSTEM32\ihcrqxhv.exe"
"C:\WINDOWS\SYSTEM32\ihsrjaso.exe"
"C:\WINDOWS\SYSTEM32\ilwhxbgb.exe"
"C:\WINDOWS\SYSTEM32\inowhryn.exe"
"C:\WINDOWS\SYSTEM32\irmenfpt.exe"
"C:\WINDOWS\SYSTEM32\jalushun.exe"
"C:\WINDOWS\SYSTEM32\jpxykboa.exe"
"C:\WINDOWS\SYSTEM32\jxwxsbxx.exe"
"C:\WINDOWS\SYSTEM32\jyucxknm.exe"
"C:\WINDOWS\SYSTEM32\kapbdtgo.exe"
"C:\WINDOWS\SYSTEM32\kcbejojv.exe"
"C:\WINDOWS\SYSTEM32\kklonqnb.exe"
"C:\WINDOWS\SYSTEM32\kpqwpxvd.exe"
"C:\WINDOWS\SYSTEM32\kykqaogt.exe"
"C:\WINDOWS\SYSTEM32\laanhuse.exe"
"C:\WINDOWS\SYSTEM32\ldgmerkc.exe"
"C:\WINDOWS\SYSTEM32\lksmufhq.exe"
"C:\WINDOWS\SYSTEM32\llcwyvtv.exe"
"C:\WINDOWS\SYSTEM32\llidadfo.dll"
"C:\WINDOWS\SYSTEM32\lmcdrvpp.exe"
"C:\WINDOWS\SYSTEM32\lulsjsfd.exe"
"C:\WINDOWS\SYSTEM32\lxdhlplb.exe"
"C:\WINDOWS\SYSTEM32\mchxwkbx.exe"
"C:\WINDOWS\SYSTEM32\mesjwcit.exe"
"C:\WINDOWS\SYSTEM32\mfvwtbyq.exe"
"C:\WINDOWS\SYSTEM32\mgqiprub.exe"
"C:\WINDOWS\SYSTEM32\miwwoubj.exe"
"C:\WINDOWS\SYSTEM32\mvvpputy.exe"
"C:\WINDOWS\SYSTEM32\mxglkiqb.exe"
"C:\WINDOWS\SYSTEM32\myerdioh.exe"
"C:\WINDOWS\SYSTEM32\nccgsnen.exe"
"C:\WINDOWS\SYSTEM32\nceubdjd.exe"
"C:\WINDOWS\SYSTEM32\ndmmjhjh.dll"
"C:\WINDOWS\SYSTEM32\neegtxey.exe"
"C:\WINDOWS\SYSTEM32\ngcvhfgf.exe"
"C:\WINDOWS\SYSTEM32\nss8.dll"
"C:\WINDOWS\SYSTEM32\nxemobet.exe"
"C:\WINDOWS\SYSTEM32\nyeuetna.exe"
"C:\WINDOWS\SYSTEM32\ocbmmhrc.exe"
"C:\WINDOWS\SYSTEM32\occvfirw.exe"
"C:\WINDOWS\SYSTEM32\ockkgkrh.exe"
"C:\WINDOWS\SYSTEM32\odxdhaqw.exe"
"C:\WINDOWS\SYSTEM32\ojshoufh.exe"
"C:\WINDOWS\SYSTEM32\olfjxfux.exe"
"C:\WINDOWS\SYSTEM32\oxtnopxs.exe"
"C:\WINDOWS\SYSTEM32\pfvjnild.exe"
"C:\WINDOWS\SYSTEM32\phxxjpca.exe"
"C:\WINDOWS\SYSTEM32\piwuibmj.exe"
"C:\WINDOWS\SYSTEM32\pmnonnl.dll"
"C:\WINDOWS\SYSTEM32\pqcynlci.exe"
"C:\WINDOWS\SYSTEM32\pudxiwqv.exe"
"C:\WINDOWS\SYSTEM32\pwclcvjv.exe"
"C:\WINDOWS\SYSTEM32\pxvcstal.exe"
"C:\WINDOWS\SYSTEM32\pyrrvwga.exe"
"C:\WINDOWS\SYSTEM32\qfjmtgmc.dll"
"C:\WINDOWS\SYSTEM32\qjuiyjuk.exe"
"C:\WINDOWS\SYSTEM32\qppuuggo.exe"
"C:\WINDOWS\SYSTEM32\qsehjtea.exe"
"C:\WINDOWS\SYSTEM32\qukepipl.exe"
"C:\WINDOWS\SYSTEM32\qxaumsqd.exe"
"C:\WINDOWS\SYSTEM32\rdmnehmn.exe"
"C:\WINDOWS\SYSTEM32\riiaobox.exe"
"C:\WINDOWS\SYSTEM32\rkcfperd.exe"
"C:\WINDOWS\SYSTEM32\rma***ru.exe"
"C:\WINDOWS\SYSTEM32\rnaqhobc.exe"
"C:\WINDOWS\SYSTEM32\rnbrmcla.dll"
"C:\WINDOWS\SYSTEM32\rqkjftbx.exe"
"C:\WINDOWS\SYSTEM32\sarnmtcj.exe"
"C:\WINDOWS\SYSTEM32\sbogcrdy.exe"
"C:\WINDOWS\SYSTEM32\sjnpoate.exe"
"C:\WINDOWS\SYSTEM32\sjsxdnsk.exe"
"C:\WINDOWS\SYSTEM32\smgplxlw.exe"
"C:\WINDOWS\SYSTEM32\sqltjlrq.exe"
"C:\WINDOWS\SYSTEM32\suacnqst.dll"
"C:\WINDOWS\SYSTEM32\sunbnvqw.exe"
"C:\WINDOWS\SYSTEM32\thgrfsxc.exe"
"C:\WINDOWS\SYSTEM32\tkmwqowe.exe"
"C:\WINDOWS\SYSTEM32\tlvesbxq.dll"
"C:\WINDOWS\SYSTEM32\tmdjuqcl.exe"
"C:\WINDOWS\SYSTEM32\tnwnmgdj.dll"
"C:\WINDOWS\SYSTEM32\tqlxbopc.exe"
"C:\WINDOWS\SYSTEM32\tuoqkjbf.exe"
"C:\WINDOWS\SYSTEM32\tuugqpfp.exe"
"C:\WINDOWS\SYSTEM32\twriqlwm.exe"
"C:\WINDOWS\SYSTEM32\ufgynrlu.exe"
"C:\WINDOWS\SYSTEM32\uglufxpy.exe"
"C:\WINDOWS\SYSTEM32\ugpidjts.exe"
"C:\WINDOWS\SYSTEM32\ukujtiqf.dll"
"C:\WINDOWS\SYSTEM32\upgpbikj.exe"
"C:\WINDOWS\SYSTEM32\upvrbkvh.exe"
"C:\WINDOWS\SYSTEM32\vagaedmm.exe"
"C:\WINDOWS\SYSTEM32\vcxjkapd.exe"
"C:\WINDOWS\SYSTEM32\vgqkqkdn.exe"
"C:\WINDOWS\SYSTEM32\vhvicduo.exe"
"C:\WINDOWS\SYSTEM32\vlkpevvd.exe"
"C:\WINDOWS\SYSTEM32\vpdyobsp.exe"
"C:\WINDOWS\SYSTEM32\vpjrrely.exe"
"C:\WINDOWS\SYSTEM32\vqvotmyd.exe"
"C:\WINDOWS\SYSTEM32\vtuvsqn.dll"
"C:\WINDOWS\SYSTEM32\vxcdbixs.exe"
"C:\WINDOWS\SYSTEM32\vxsoxwii.dll"
"C:\WINDOWS\SYSTEM32\wfnhjjqr.exe"
"C:\WINDOWS\SYSTEM32\wgjlctwx.exe"
"C:\WINDOWS\SYSTEM32\wgrkwjgi.exe"
"C:\WINDOWS\SYSTEM32\wopfgxjn.exe"
"C:\WINDOWS\SYSTEM32\wpaiapxw.exe"
"C:\WINDOWS\SYSTEM32\wpqyyifg.exe"
"C:\WINDOWS\SYSTEM32\wqquhpvu.exe"
"C:\WINDOWS\SYSTEM32\wrcafrxn.exe"
"C:\WINDOWS\SYSTEM32\wrrwvrpw.dll"
"C:\WINDOWS\SYSTEM32\wvipvpec.exe"
"C:\WINDOWS\SYSTEM32\wxiqdfjd.exe"
"C:\WINDOWS\SYSTEM32\wxmvpuyt.exe"
"C:\WINDOWS\SYSTEM32\xinlokmy.dll"
"C:\WINDOWS\SYSTEM32\xxvikydb.exe"
"C:\WINDOWS\SYSTEM32\yhimkaid.exe"
"C:\WINDOWS\SYSTEM32\yjkkxyqs.exe"
"C:\WINDOWS\SYSTEM32\ypipywpa.exe"
"C:\WINDOWS\SYSTEM32\ypwkjaad.exe"
"C:\WINDOWS\SYSTEM32\ysjkxqst.exe"
"C:\WINDOWS\SYSTEM32\yttoadak.exe"
"C:\WINDOWS\SYSTEM32\yuycvgjf.exe"
"C:\WINDOWS\SYSTEM32\yycbyovo.dll"
"C:\WINDOWS\SYSTEM32\yymvjlfe.exe"
) do ( 
del /a/f/q %%g 
if exist %%g echo.%%g >>"%temp%\log.txt" 
)>nul 2>&1 

if exist "%temp%\log.txt" (start notepad "%temp%\log.txt" 
) else echo.Deleted Successfully! 
echo. 
pause 
del %0

Locate clean.bat on your Desktop and double-click on it. Tell me what it says.
_________

Download ATF Cleaner by Atribune

Important: Make sure all your browsers are closed before running ATF Cleaner..

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose:Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE:If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
_________

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave BOTH Checked
- Applications and Applets
  Trace and Log Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.

On your next reply, please include

Fresh HijackThis log.
results of clean.bat

let me know if te speed improved.

Miniia · 06-27-2008, 08:20 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:45 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebSe...veX/ofmctl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 9148 bytes

The clean bat said, "Deleted Successfully! Press any key to continue..."

And yes it's faster! Thanks!

06-23-2008, 10:31 PM	#21 (permalink)
Miniia Registered User Join Date: Jun 2008 Posts: 28 OS: xp	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec I couldn't scan with kaspersky because it said that i don't have the latest Java, even though i do. Did you disable a lot of services using msconfig? No I didn't. File has already been analysed: MD5: 2a51f6176a685c3205f6ca5d1220d0fe First received: 01.15.2008 17:16:31 (CET) Date: 04.15.2008 02:42:30 (CET) [>70D] Results: 24/32 Permalink: analisis/659dd065e2cc7fdc157562ac0f675488 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:29:31 PM, on 6/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\WINDOWS\Explorer.EXE c:\program files\common files\mcafee\mna\mcnasvc.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\15171C1A1D1E20.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Xerox\NWWia\XrxFTPLt.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [797B807E81828483] 15171C1A1D1E20.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebSe...veX/ofmctl.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- End of file - 8251 bytes

06-23-2008, 11:31 PM	#23 (permalink)
Miniia Registered User Join Date: Jun 2008 Posts: 28 OS: xp	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec *Did you turn automatic updates off? nop.

06-23-2008, 11:49 PM	#24 (permalink)
Angelfire777 Moderator/Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Oct 2006 Posts: 4,580 OS: Vista	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec add this then: click start > run > copy and paste: reg delete "HKLM\software\policies\microsoft\windows\windowsupdate\au" /v NoAutoUpdate /f could you get kaspersky to scan now? __________________ UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.

06-23-2008, 11:58 PM	#25 (permalink)
Miniia Registered User Join Date: Jun 2008 Posts: 28 OS: xp	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec After the reboot, a message popped up saying that something was change and that i should reboot the computer to undo that change. But I just cancelled out. And I still can't scan.

06-24-2008, 12:02 AM	#26 (permalink)
Miniia Registered User Join Date: Jun 2008 Posts: 28 OS: xp	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec oh wait it works on firefox

06-24-2008, 12:10 AM	#27 (permalink)
Miniia Registered User Join Date: Jun 2008 Posts: 28 OS: xp	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec Now it says: "Starting Java applet has failed! Please go online to use this program." Another prompt comes up saying that the program has failed to launch...

06-24-2008, 12:12 AM	#28 (permalink)
Miniia Registered User Join Date: Jun 2008 Posts: 28 OS: xp	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec oh I almost forgot, I was unable to uninstall the symantec software, it always stop half way I wait for a while. I mean I even went to the grocery store and came back and it wasn't done.

06-24-2008, 01:06 AM	#29 (permalink)
Angelfire777 Moderator/Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Oct 2006 Posts: 4,580 OS: Vista	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec Please run the tool HERE to clean all the leftovers of your Norton Antivirus.. Did you try the scan using IE? If it still won't work, use this one instead: Go here to run an online scannner from ESET. Note: You will need to use Internet explorer for this scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked Click Scan Wait for the scan to finish Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems __________________ UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.

06-24-2008, 03:13 PM	#30 (permalink)
Miniia Registered User Join Date: Jun 2008 Posts: 28 OS: xp	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec The scan keeps stoping on this file: C:\Documents and Settings\All Users\Application Data\...\APQB.tmp

06-24-2008, 03:22 PM	#31 (permalink)
Angelfire777 Moderator/Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Oct 2006 Posts: 4,580 OS: Vista	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec Which scan are you referring to? The file may be big and so the scan will take some time. Please try to wait for it and if it continues to stop there for a long time, let me know. __________________ UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.

06-24-2008, 04:43 PM	#32 (permalink)
Miniia Registered User Join Date: Jun 2008 Posts: 28 OS: xp	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec KasperSky won't even open in IE because it can't start the Java Applet. However, in Firefox it downloads those updates needed, but the acutal scan doesn't take place because of the same reason, Java Applet won't start. And I've redownloaded Java and it still won't work. The Eset Scan starts and everything, however, it stops on that file I mentioned prior. I search for that file and discovered it was in a Symantec folder. About the Symantec Antivirius, the link you gave me doesn't uninstall symantec, only norton. I discovered this because when I used the Norton Removal Tool in safe mode (it wouldn't work normally) it said that Symantec had to be uninstalled through the "Add/Remove Programs" in the Control Panel. Oddly enough, when I tried to uninstall it again it said there was a fatal error due to a file called: APQA.tmp . weird huh? Sorry about having such a weirdo computer...

06-25-2008, 08:00 PM	#33 (permalink)
Angelfire777 Moderator/Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Oct 2006 Posts: 4,580 OS: Vista	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec Please try to delete that APQA.tmp file and see if symantec av would uninstall correctly. If it won't work, please let me know what kind of symantec av is installed (ie. Exact name of product and version) __________________ UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.

06-25-2008, 11:16 PM	#34 (permalink)
Miniia Registered User Join Date: Jun 2008 Posts: 28 OS: xp	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec I have Symantec Antivirus Full Version: 10.0.2.2000 I found this to manually uninstall Symantec. http://service1.symantec.com/SUPPORT...05050210381448 Should i use it? Last edited by Miniia; 06-25-2008 at 11:25 PM.

06-25-2008, 11:51 PM	#35 (permalink)
Angelfire777 Moderator/Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Oct 2006 Posts: 4,580 OS: Vista	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec Yes, that's the right one. The procedure requires a lot of registry editing. A little mistake could be fatal. Have you tried deleting that APQA.tmp file first before uninstalling? If it won't work, I'm going to make a batch file to automate the process for you. __________________ UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.

06-26-2008, 10:39 AM	#36 (permalink)
Miniia Registered User Join Date: Jun 2008 Posts: 28 OS: xp	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec that file is missing.

06-26-2008, 11:21 AM	#37 (permalink)
Angelfire777 Moderator/Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Oct 2006 Posts: 4,580 OS: Vista	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec Make sure your machine is configured to show hidden files: http://www.xtra.co.nz/help/0,,4155-1916458,00.html If the file still isn't there, please try to reinstall the program then uninstall it. If that doesn't work, then we will attempt to remove it manually. __________________ UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.

06-27-2008, 08:20 PM	#40 (permalink)
Miniia Registered User Join Date: Jun 2008 Posts: 28 OS: xp	Re: Constant Warnings - The operation has been cancelled due to restrictions in effec Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:18:45 PM, on 6/27/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\LxrJD31s.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Xerox\NWWia\XrxFTPLt.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebSe...veX/ofmctl.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- End of file - 9148 bytes The clean bat said, "Deleted Successfully! Press any key to continue..." And yes it's faster! Thanks!