Sir_Itchlot Posted December 18, 2005 Share Posted December 18, 2005 A couple months ago, when trying to use IE, it was going all buggy and closing and crap. I restarted my computer, and everytime since then when I try to use it, this "Winfixer" thing pops up, and keeps trying to install itself, apparently to fix IE? I thought it was spyware, so I got firefox. But I just tried the Spyware Remover that's recommended somewhere on these forums, and it didn't find any spyware. So I'm using IE right now, playing RS and it's working better than Firefox! Even with High Detail on it, it's better than low detail was on Firefox. I want to continue using IE, because RS is working better with it, but if Winfixer is spyware, then they could get my passwords right? If someone knows whether Winfixer is the real deal (Microsoft) or not, please tell me so I can install the stupid thing so it stops annoying me, and fixes IE or whatever. Thanks. :) EDIT: HOLY CRAP. I just searched Winfixer on google and the first like 10 things are Winfixer REMOVALS! :shock: Which should I use? I need to get rid of this, and Spybot: Search And Destroy didn't detect it! AHH! AND: I found this: "It is a rogue anti-spyware program that hijacks your computer." Link to comment Share on other sites More sharing options...
coltm4carbine Posted December 18, 2005 Share Posted December 18, 2005 post a HJT log while your here. I give you the tools (not using symantec taking it out the hard way) p.s I won't even think about worrying about rs accounts. I am a bit concerned about your computer... Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 18, 2005 Author Share Posted December 18, 2005 My HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 10:50:48 PM, on 17/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile] C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: ExecutableFile] C:\Program Files\Java\j2re1.4.2_03\bin\jusched[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB[Caution: ExecutableFile] C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\PROGRA~1\MOZILL~1\FIREFOX[Caution: ExecutableFile] C:\Documents and Settings\Mitch\Desktop\hijackthis\HijackThis[Caution: ExecutableFile] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant ... gn=wdz0605 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant ... gn=wdz0605 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1; R3 - Default URLSearchHook is missing O1 - Hosts: 69.20.16.183 auto.search.msn.com O1 - Hosts: 69.20.16.183 search.netscape.com O1 - Hosts: 69.20.16.183 ieautosearch O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {06a34ccb-f185-40c4-b367-15f01a0d7996} - C:\WINDOWS\system32\gdbrdwsw.dll O2 - BHO: (no name) - {19ca005a-8716-4e8d-b232-70451fe73635} - C:\WINDOWS\system32\gdbrdwsw.dll O2 - BHO: (no name) - {49c5f9e3-63fc-4ced-a16c-77bea61396f5} - C:\WINDOWS\system32\gdbrdwsw.dll O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\mljji.dll O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\system32\hlwin.dll O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing) O2 - BHO: (no name) - {e16b8728-c829-40bf-8aa8-c1bb2e387fcb} - C:\WINDOWS\system32\gdbrdwsw.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile] O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile] O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: ExecutableFile]" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService[Caution: ExecutableFile]" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched[Caution: ExecutableFile] O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan[Caution: ExecutableFile] O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB[Caution: ExecutableFile] O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli[Caution: ExecutableFile] O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] (file missing) O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... cracks.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\system32\hlwin.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile] O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution: ExecutableFile] Link to comment Share on other sites More sharing options...
coltm4carbine Posted December 18, 2005 Share Posted December 18, 2005 Please print these instructions as they will be needed later when Internet access is not available. 1) go http://www.atribune.org/downloads/VundoFix[Caution: ExecutableFile] Change the .e3e (CAUTION- executable file) to [Caution: ExecutableFile] 2) Download the file to your desktop. 3) Double-click VundoFix[Caution: ExecutableFile] to extract the files 4) This will create a VundoFix folder on your desktop. 5) After all the files have been extracted, please go into safemode (pressing f8 while booting up then select safemode) 6) Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat 7) You will first be presented with a warning. It should look like this: VundoFix V2.15 by Atri By using VundoFix you agree that you are doing so at your own risk Press enter to continue.... At this point press enter once. Next you will see: Please Type in the filepath as instructed by the forum staff and then press enter: (ignore the staff bit- it doesn't matter) At this point type in: C:\WINDOWS\system32\mljji.dll Press Enter to continue with the fix. Next you will see: Please type in the second filepath as instructed by the forum staff then press enter: again ignore the staff bit. C:\WINDOWS\system32\ijjlm.* Press Enter to continue with the fix. If HijackThis opens, simply shut it down as we will instruction you when to use it later. Press enter to exit the program then manually reboot your computer. Once your machine reboots please continue with the instructions below. google and Download CCleaner from here to clean temp files from your computer. Double click on the file to start the installation of the program. Select your language and click OK, then next. Read the license agreement and click I Agree. Click next to use the default install location. Click Install then finish to complete installation. Double click the CCleaner shortcut on the desktop to start the program. On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit). If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla. Click Run Cleaner to run the program. Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. After CCleaner has completed its process, click Exit. post a new HJT log. I can see a lot that needs to be fixed but i take out vundo first. Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 18, 2005 Author Share Posted December 18, 2005 2 Things: A: No Printer, Copy And Paste To Notepad? B: I have CCleaner already, it helped me get rid of a ProRat Trojan Once. :) Very Handy. ..Anywho, I'm gonna try that, give me a sec. Link to comment Share on other sites More sharing options...
coltm4carbine Posted December 18, 2005 Share Posted December 18, 2005 not looking good then... erm got another computer that you can read the instructions from? if not save a copy of the instructions to you desktop. you must close it while running the fix though. To anyone else with winfixer- don't follow these instructions the entries are different each time. Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 18, 2005 Author Share Posted December 18, 2005 Bloopity blop. *EDITED, USELESS NOW* Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 18, 2005 Author Share Posted December 18, 2005 Okay, I've done everything up to the CCleaner part. (In safemode, I couldn't see my desktop, so I went ctrl + alt + delete, then run, found Vundofix, and everything worked or whatever) My CCleaner isn't at the defaults for what to check and uncheck (boxes), because I've used it before and set to what I wanted to clean. So could you by any chance tell me what to check and want to uncheck before I do this? Thanks. :) Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 18, 2005 Author Share Posted December 18, 2005 Went ahead with it anyway.. After CCleaner Part: Logfile of HijackThis v1.99.1 Scan saved at 12:11:28 AM, on 18/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile] C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile] C:\Program Files\Java\j2re1.4.2_03\bin\jusched[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Documents and Settings\Mitch\Desktop\hijackthis\HijackThis[Caution: ExecutableFile] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant ... gn=wdz0605 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant ... gn=wdz0605 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1; R3 - Default URLSearchHook is missing O1 - Hosts: 69.20.16.183 auto.search.msn.com O1 - Hosts: 69.20.16.183 search.netscape.com O1 - Hosts: 69.20.16.183 ieautosearch O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {06a34ccb-f185-40c4-b367-15f01a0d7996} - C:\WINDOWS\system32\gdbrdwsw.dll O2 - BHO: (no name) - {19ca005a-8716-4e8d-b232-70451fe73635} - C:\WINDOWS\system32\gdbrdwsw.dll O2 - BHO: (no name) - {49c5f9e3-63fc-4ced-a16c-77bea61396f5} - C:\WINDOWS\system32\gdbrdwsw.dll O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\mljji.dll O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\system32\hlwin.dll O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing) O2 - BHO: (no name) - {e16b8728-c829-40bf-8aa8-c1bb2e387fcb} - C:\WINDOWS\system32\gdbrdwsw.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile] O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile] O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: ExecutableFile]" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService[Caution: ExecutableFile]" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched[Caution: ExecutableFile] O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan[Caution: ExecutableFile] O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB[Caution: ExecutableFile] O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] (file missing) O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... cracks.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\system32\hlwin.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile] O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution: ExecutableFile] Link to comment Share on other sites More sharing options...
poochu Posted December 18, 2005 Share Posted December 18, 2005 Uhh you might want to try Ad-Aware Se 1.06 from http://www.lavasoft.de It's a free spyware remover. And do you have a firewall? If not google Sygate personal firewall :) Link to comment Share on other sites More sharing options...
coltm4carbine Posted December 18, 2005 Share Posted December 18, 2005 vundo is still active (which ain't good) try these again. I am sure i got the right paths....also i can't see any antispyware running so it won't be that. lets try again: reboot your computer into safe mode open the VundoFix folder and doubleclick on KillVundo.bat You will first be presented with a warning. It should look like this: VundoFix V2.15 by Atri By using VundoFix you agree that you are doing so at your own risk Press enter to continue.... At this point press enter once. Next you will see: Please Type in the filepath as instructed by the forum staff and then press enter: At this point copy and paste the code in the box: C:\WINDOWS\system32\mljji.dll Press Enter to continue with the fix. Next you will see: Please type in the second filepath as instructed by the forum staff then press enter: copy and paste the code in the box (including the * ): C:\WINDOWS\system32\ijjlm.* Press Enter to continue with the fix. If HijackThis opens, simply shut it down as we will instruction you when to use it later. Press enter to exit the program then manually reboot your computer into normal mode. Wait for your desktop to appear- might flash a few times. Once your machine reboots (and after everything looks normal all icons etc) please continue with the instructions below. Double click the CCleaner shortcut on the desktop to start the program. Click Run Cleaner to run the program. Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. After CCleaner has completed its process, click Exit. post a new HJT log. Basically your using ccleaner to clean out the temp. +++++++++++++++ *EDITED, USELESS NOW* what was that edit about? Just wondering. Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 18, 2005 Author Share Posted December 18, 2005 Newest HJT Log Logfile of HijackThis v1.99.1 Scan saved at 3:45:29 PM, on 18/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile] C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: ExecutableFile] C:\Program Files\Java\j2re1.4.2_03\bin\jusched[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB[Caution: ExecutableFile] C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\wuauclt[Caution: ExecutableFile] C:\Documents and Settings\Mitch\Desktop\hijackthis\HijackThis[Caution: ExecutableFile] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant ... gn=wdz0605 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant ... gn=wdz0605 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1; R3 - Default URLSearchHook is missing O1 - Hosts: 69.20.16.183 auto.search.msn.com O1 - Hosts: 69.20.16.183 search.netscape.com O1 - Hosts: 69.20.16.183 ieautosearch O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {06a34ccb-f185-40c4-b367-15f01a0d7996} - C:\WINDOWS\system32\gdbrdwsw.dll O2 - BHO: (no name) - {19ca005a-8716-4e8d-b232-70451fe73635} - C:\WINDOWS\system32\gdbrdwsw.dll O2 - BHO: (no name) - {49c5f9e3-63fc-4ced-a16c-77bea61396f5} - C:\WINDOWS\system32\gdbrdwsw.dll O2 - BHO: (no name) - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - (no file) O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\system32\hlwin.dll O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing) O2 - BHO: (no name) - {e16b8728-c829-40bf-8aa8-c1bb2e387fcb} - C:\WINDOWS\system32\gdbrdwsw.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile] O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile] O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: ExecutableFile]" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService[Caution: ExecutableFile]" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched[Caution: ExecutableFile] O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan[Caution: ExecutableFile] O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB[Caution: ExecutableFile] O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] (file missing) O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... cracks.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\system32\hlwin.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile] O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution: ExecutableFile] Err And, The First Time I Thought You Said C:\\WINDOWS\system32... But You Said C:\WINDOWS\system32... (One "\") That could be why? Link to comment Share on other sites More sharing options...
poochu Posted December 19, 2005 Share Posted December 19, 2005 Uhh you could format if you dont mind losing EVERYTHING. :shock: Link to comment Share on other sites More sharing options...
coltm4carbine Posted December 19, 2005 Share Posted December 19, 2005 good job :) vundo's gone for anyone that interested these were the entries that told me vundo was gone: O2 - BHO: (no name) - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - (no file) and O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing) ok thats one infection out of the way. Download ad-aware, spybot and microsoft antispyware. update them and run them. save the results and post them here. I'll tell you to finish the clean-up process later after we get rid of the other stuff. [/code] Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 19, 2005 Author Share Posted December 19, 2005 Ad-Aware SE Log Ad-Aware SE Build 1.06r1 Logfile Created on:December 18, 2005 9:43:24 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R81 16.12.2005 ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû References detected during the scan: ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû 180Solutions(TAC index:6):4 total references Backdoor.Prorat.16(TAC index:8):1 total references BlazeFind(TAC index:5):1 total references DyFuCA(TAC index:3):7 total references Elitum.ElitebarBHO(TAC index:5):1 total references istbar(TAC index:7):11 total references Possible Browser Hijack attempt(TAC index:3):4 total references Powerscan(TAC index:5):6 total references Redirected hostfile entry(TAC index:4):3 total references SCBAR(TAC index:3):1 total references ServerLogic.Hyperlinker(TAC index:7):7 total references SideFind(TAC index:5):8 total references Tracking Cookie(TAC index:3):202 total references VirtualBouncer(TAC index:5):5 total references Virtumonde(TAC index:10):2 total references VX2(TAC index:10):13 total references ZyncosMark(TAC index:3):5 total references ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 18-12-2005 9:43:24 PM - Scan started. (Full System Scan) Listing running processes ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû #:1 [smss[Caution: ExecutableFile]] FilePath : \SystemRoot\System32\ ProcessID : 544 ThreadCreationTime : 19-12-2005 2:00:48 AM BasePriority : Normal #:2 [csrss[Caution: ExecutableFile]] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 608 ThreadCreationTime : 19-12-2005 2:00:49 AM BasePriority : Normal #:3 [winlogon[Caution: ExecutableFile]] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 632 ThreadCreationTime : 19-12-2005 2:00:49 AM BasePriority : High #:4 [services[Caution: ExecutableFile]] FilePath : C:\WINDOWS\system32\ ProcessID : 676 ThreadCreationTime : 19-12-2005 2:00:50 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : MicrosoftÃÆââ¬Å¡Ãâî WindowsÃÆââ¬Å¡Ãâî Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services[Caution: ExecutableFile] LegalCopyright : ÃÆââ¬Å¡Ãâé Microsoft Corporation. All rights reserved. OriginalFilename : services[Caution: ExecutableFile] #:5 [lsass[Caution: ExecutableFile]] FilePath : C:\WINDOWS\system32\ ProcessID : 688 ThreadCreationTime : 19-12-2005 2:00:50 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : MicrosoftÃÆââ¬Å¡Ãâî WindowsÃÆââ¬Å¡Ãâî Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass[Caution: ExecutableFile] LegalCopyright : ÃÆââ¬Å¡Ãâé Microsoft Corporation. All rights reserved. OriginalFilename : lsass[Caution: ExecutableFile] #:6 [svchost[Caution: ExecutableFile]] FilePath : C:\WINDOWS\system32\ ProcessID : 840 ThreadCreationTime : 19-12-2005 2:00:51 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : MicrosoftÃÆââ¬Å¡Ãâî WindowsÃÆââ¬Å¡Ãâî Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost[Caution: ExecutableFile] LegalCopyright : ÃÆââ¬Å¡Ãâé Microsoft Corporation. All rights reserved. OriginalFilename : svchost[Caution: ExecutableFile] #:7 [svchost[Caution: ExecutableFile]] FilePath : C:\WINDOWS\system32\ ProcessID : 916 ThreadCreationTime : 19-12-2005 2:00:51 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : MicrosoftÃÆââ¬Å¡Ãâî WindowsÃÆââ¬Å¡Ãâî Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost[Caution: ExecutableFile] LegalCopyright : ÃÆââ¬Å¡Ãâé Microsoft Corporation. All rights reserved. OriginalFilename : svchost[Caution: ExecutableFile] #:8 [svchost[Caution: ExecutableFile]] FilePath : C:\WINDOWS\System32\ ProcessID : 1012 ThreadCreationTime : 19-12-2005 2:00:51 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : MicrosoftÃÆââ¬Å¡Ãâî WindowsÃÆââ¬Å¡Ãâî Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost[Caution: ExecutableFile] LegalCopyright : ÃÆââ¬Å¡Ãâé Microsoft Corporation. All rights reserved. OriginalFilename : svchost[Caution: ExecutableFile] #:9 [svchost[Caution: ExecutableFile]] FilePath : C:\WINDOWS\System32\ ProcessID : 1068 ThreadCreationTime : 19-12-2005 2:00:51 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : MicrosoftÃÆââ¬Å¡Ãâî WindowsÃÆââ¬Å¡Ãâî Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost[Caution: ExecutableFile] LegalCopyright : ÃÆââ¬Å¡Ãâé Microsoft Corporation. All rights reserved. OriginalFilename : svchost[Caution: ExecutableFile] #:10 [svchost[Caution: ExecutableFile]] FilePath : C:\WINDOWS\System32\ ProcessID : 1148 ThreadCreationTime : 19-12-2005 2:00:52 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : MicrosoftÃÆââ¬Å¡Ãâî WindowsÃÆââ¬Å¡Ãâî Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost[Caution: ExecutableFile] LegalCopyright : ÃÆââ¬Å¡Ãâé Microsoft Corporation. All rights reserved. OriginalFilename : svchost[Caution: ExecutableFile] #:11 [spoolsv[Caution: ExecutableFile]] FilePath : C:\WINDOWS\system32\ ProcessID : 1416 ThreadCreationTime : 19-12-2005 2:00:54 AM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : MicrosoftÃÆââ¬Å¡Ãâî WindowsÃÆââ¬Å¡Ãâî Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv[Caution: ExecutableFile] LegalCopyright : ÃÆââ¬Å¡Ãâé Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv[Caution: ExecutableFile] #:12 [avgamsvr[Caution: ExecutableFile]] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1528 ThreadCreationTime : 19-12-2005 2:01:01 AM BasePriority : Normal FileVersion : 7,1,0,365 ProductVersion : 7.1.0.365 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Alert Manager InternalName : avgamsvr LegalCopyright : Copyright ÃÆââ¬Å¡Ãâé 2005, GRISOFT, s.r.o. OriginalFilename : avgamsvr[Caution: ExecutableFile] #:13 [avgupsvc[Caution: ExecutableFile]] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1540 ThreadCreationTime : 19-12-2005 2:01:01 AM BasePriority : Normal FileVersion : 7,1,0,349 ProductVersion : 7.1.0.349 ProductName : AVG 7.0 Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Update Service InternalName : avgupsvc LegalCopyright : Copyright ÃÆââ¬Å¡Ãâé 2005, GRISOFT, s.r.o. OriginalFilename : avgupdsvc[Caution: ExecutableFile] #:14 [svchost[Caution: ExecutableFile]] FilePath : C:\WINDOWS\System32\ ProcessID : 1632 ThreadCreationTime : 19-12-2005 2:01:01 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : MicrosoftÃÆââ¬Å¡Ãâî WindowsÃÆââ¬Å¡Ãâî Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost[Caution: ExecutableFile] LegalCopyright : ÃÆââ¬Å¡Ãâé Microsoft Corporation. All rights reserved. OriginalFilename : svchost[Caution: ExecutableFile] #:15 [wdfmgr[Caution: ExecutableFile]] FilePath : C:\WINDOWS\system32\ ProcessID : 1784 ThreadCreationTime : 19-12-2005 2:01:04 AM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : MicrosoftÃÆââ¬Å¡Ãâî WindowsÃÆââ¬Å¡Ãâî Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : ÃÆââ¬Å¡Ãâé Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr[Caution: ExecutableFile] #:16 [explorer[Caution: ExecutableFile]] FilePath : C:\WINDOWS\ ProcessID : 416 ThreadCreationTime : 19-12-2005 2:01:17 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : MicrosoftÃÆââ¬Å¡Ãâî WindowsÃÆââ¬Å¡Ãâî Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : ÃÆââ¬Å¡Ãâé Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER[Caution: ExecutableFile] #:17 [hkcmd[Caution: ExecutableFile]] FilePath : C:\WINDOWS\System32\ ProcessID : 588 ThreadCreationTime : 19-12-2005 2:01:18 AM BasePriority : Normal FileVersion : 3.0.0.3762 ProductVersion : 7.0.0.3762 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : hkcmd Module InternalName : HKCMD LegalCopyright : Copyright 1999-2002, Intel Corporation OriginalFilename : HKCMD[Caution: ExecutableFile] #:18 [dvdlauncher[Caution: ExecutableFile]] FilePath : C:\Program Files\CyberLink\PowerDVD\ ProcessID : 592 ThreadCreationTime : 19-12-2005 2:01:18 AM BasePriority : Normal FileVersion : 3.00.0000 ProductVersion : 3.00.0000 ProductName : Cyberlink PowerCinema 3.0 CompanyName : CyberLink Corp. FileDescription : CyberLink PowerCinema Resident Program InternalName : CyberLink PowerCinema Resident Program LegalCopyright : Copyright © 2003 CyberLink Corp. OriginalFilename : DVDLauncher[Caution: ExecutableFile] #:19 [jusched[Caution: ExecutableFile]] FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\ ProcessID : 652 ThreadCreationTime : 19-12-2005 2:01:18 AM BasePriority : Normal #:20 [avgcc[Caution: ExecutableFile]] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 756 ThreadCreationTime : 19-12-2005 2:01:18 AM BasePriority : Normal FileVersion : 7,1,0,355 ProductVersion : 7.1.0.355 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Control Center InternalName : AvgCC LegalCopyright : Copyright ÃÆââ¬Å¡Ãâé 2005, GRISOFT, s.r.o. OriginalFilename : AvgCC[Caution: ExecutableFile] #:21 [avgemc[Caution: ExecutableFile]] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 804 ThreadCreationTime : 19-12-2005 2:01:18 AM BasePriority : Normal FileVersion : 7,1,0,371 ProductVersion : 7.1.0.371 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG E-Mail Scanner InternalName : avgemc LegalCopyright : Copyright ÃÆââ¬Å¡Ãâé 2005, GRISOFT, s.r.o. OriginalFilename : avgemc[Caution: ExecutableFile] #:22 [motivesb[Caution: ExecutableFile]] FilePath : C:\PROGRA~1\NETASS~1\SMARTB~1\ ProcessID : 964 ThreadCreationTime : 19-12-2005 2:01:18 AM BasePriority : Normal FileVersion : 5.8.10.asst_classic.smartbridge.20041013_160000 ProductVersion : 5.8.10.asst_classic.smartbridge ProductName : Sympatico NetAssistant CompanyName : Motive Communications, Inc. FileDescription : Sympatico NetAssistant InternalName : version LegalCopyright : Copyright 1998-2003 OriginalFilename : version #:23 [msnmsgr[Caution: ExecutableFile]] FilePath : C:\Program Files\MSN Messenger\ ProcessID : 980 ThreadCreationTime : 19-12-2005 2:01:18 AM BasePriority : Normal FileVersion : 7.5.0311 ProductVersion : 7.5.0311 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msnmsgr[Caution: ExecutableFile] #:24 [svchost[Caution: ExecutableFile]] FilePath : C:\WINDOWS\System32\ ProcessID : 1640 ThreadCreationTime : 19-12-2005 2:01:20 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : MicrosoftÃÆââ¬Å¡Ãâî WindowsÃÆââ¬Å¡Ãâî Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost[Caution: ExecutableFile] LegalCopyright : ÃÆââ¬Å¡Ãâé Microsoft Corporation. All rights reserved. OriginalFilename : svchost[Caution: ExecutableFile] #:25 [firefox[Caution: ExecutableFile]] FilePath : C:\PROGRA~1\MOZILL~1\ ProcessID : 2056 ThreadCreationTime : 19-12-2005 2:02:07 AM BasePriority : Normal #:26 [ad-aware[Caution: ExecutableFile]] FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\ ProcessID : 3552 ThreadCreationTime : 19-12-2005 2:42:03 AM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware[Caution: ExecutableFile] LegalCopyright : Copyright ÃÆââ¬Å¡Ãâé Lavasoft AB Sweden OriginalFilename : Ad-Aware[Caution: ExecutableFile] Comments : All Rights Reserved Memory scan result: ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû New critical objects: 0 Objects found so far: 0 Started registry scan ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû istbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429} istbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : istx.installer istbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0985c112-2562-46f2-8da6-92648ba4630f} istbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{7c559105-9ecf-42b8-b3f7-832e75edd959} ServerLogic.Hyperlinker Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : linkmaker.linkmakerfilter ServerLogic.Hyperlinker Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : linkmaker.linkmakerfilter.1 ServerLogic.Hyperlinker Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : linkmaker.linktracker ServerLogic.Hyperlinker Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : linkmaker.linktracker.1 SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7} SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671} SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da} ZyncosMark Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a} ZyncosMark Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe} ZyncosMark Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : testcontentmatchcontrol1.contentmatchtag ZyncosMark Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : testcontentmatchcontrol1.contentmatchtag.1 ZyncosMark Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df} DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2997497780-3156479882-3201368126-1008\software\ist DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2997497780-3156479882-3201368126-1008\software\ist Value : account_id DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2997497780-3156479882-3201368126-1008\software\ist Value : config DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2997497780-3156479882-3201368126-1008\software\ist Value : NeverISTsvc DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2997497780-3156479882-3201368126-1008\software\ist Value : referer SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2997497780-3156479882-3201368126-1008\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7} Backdoor.Prorat.16 Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2997497780-3156479882-3201368126-1008\software\microsoft\active setup\installed components\{5y99ae78-58tt-11dw-be53-y67078979y} SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\sidefind SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\sidefind Value : shoppingautosearch Virtumonde Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{6dd0bc06-4719-4ba3-bebc-fbae6a448152} Powerscan Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : "account_id" Rootkey : HKEY_USERS Object : S-1-5-21-2997497780-3156479882-3201368126-1008\software\powerscan Value : account_id Powerscan Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : "LoadNum" Rootkey : HKEY_LOCAL_MACHINE Object : software\powerscan Value : LoadNum Powerscan Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : "account_id" Rootkey : HKEY_USERS Object : S-1-5-21-2997497780-3156479882-3201368126-1008\\software\powerscan Value : account_id Registry Scan result: ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû New critical objects: 29 Objects found so far: 29 Started deep registry scan ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : C:\WINDOWS\ceres(2).dll Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{1EF578A1-769F-9F37-41AA-BE2D91F43481} VX2 Object Recognized! Type : File Data : ceres(2).dll TAC Rating : 10 Category : Malware Comment : Object : c:\windows\ FileVersion : 0, 12, 4, 69 ProductVersion : 0, 12, 4, 69 ProductName : Ceres CompanyName : Ceres FileDescription : http://www.abetterinternet.com InternalName : Ceres LegalCopyright : Copyright ÃÆââ¬Å¡Ãâé 2004 OriginalFilename : Ceres.dll Comments : http://www.abetterinternet.com Trusted zone presumably compromised : contentmatch.net Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Vulnerability Comment : Trusted zone presumably compromised : contentmatch.net\ny Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Vulnerability Comment : Trusted zone presumably compromised : contentmatch.net\ny Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny Value : https Possible Browser Hijack attempt : {7C559105-9ECF-42B8-B3F7-832E75EDD959} (http://www.xxxtoolbar.com/ist/softwares ... cracks.cab) Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Vulnerability Comment : Possible Browser Hijack attempt : http://www.xxxtoolbar.com/ist/softwares ... cracks.cab Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7C559105-9ECF-42B8-B3F7-832E75EDD959} Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Vulnerability Comment : Possible Browser Hijack attempt : http://www.xxxtoolbar.com/ist/softwares ... cracks.cab Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7C559105-9ECF-42B8-B3F7-832E75EDD959} Value : Installer Deep registry scan result: ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû New critical objects: 5 Objects found so far: 35 Started Tracking Cookie scan ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû Tracking Cookie Object Recognized! Type : IECache Entry Data : mitch@adrevolver[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:[email protected]/adrevolver/ Expires : 18-12-2006 7:50:36 AM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : mitch@atdmt[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:[email protected]/ Expires : 17-12-2010 7:00:00 PM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : mitch@adrevolver[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:[email protected]/ Expires : 18-12-2006 7:50:36 AM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû New critical objects: 3 Objects found so far: 38 Deep scanning and examining files (C:) ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@247realmedia[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@247realmedia[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@2o7[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@2o7[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@adrevolver[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@adrevolver[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@adrevolver[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@adrevolver[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@advertising[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@advertising[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@apmebf[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@apmebf[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@atdmt[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@atdmt[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@bfast[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@bfast[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@bluestreak[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@bluestreak[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected]-sys[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@casalemedia[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@casalemedia[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@centrport[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@centrport[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@cgi-bin[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@cgi-bin[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@cgi-bin[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@cgi-bin[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@cgi-bin[3].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@cgi-bin[3].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@doubleclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@doubleclick[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected]4[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@fastclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@fastclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@fortunecity[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@fortunecity[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@hitbox[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@hitbox[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@mediaplex[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@mediaplex[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@overture[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@overture[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@qksrv[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@qksrv[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@questionmarket[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@questionmarket[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@realmedia[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@realmedia[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@revenue[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@revenue[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@serving-sys[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@serving-sys[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : http://www.searchtraffic.com Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@statcounter[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@statcounter[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@targetnet[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@targetnet[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@tickle[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@tickle[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@trafficmp[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@trafficmp[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@tribalfusion[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@tribalfusion[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@tripod[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@tripod[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@valueclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@valueclick[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@weborama[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@weborama[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : jaclyn@zedo[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Jaclyn\Cookies\jaclyn@zedo[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@2o7[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@2o7[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@adrevolver[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@adrevolver[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@adrevolver[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@adrevolver[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@advertising[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@advertising[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@apmebf[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@apmebf[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@atdmt[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@atdmt[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@bfast[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@bfast[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@bravenet[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@bravenet[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected]-sys[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@casalemedia[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@casalemedia[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@cgi-bin[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@cgi-bin[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@clickbank[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@clickbank[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@doubleclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@doubleclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@fastclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@fastclick[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@hitbox[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@hitbox[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@linksynergy[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@linksynergy[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@maxserving[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@maxserving[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@mediaplex[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@mediaplex[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@overture[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@overture[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@realmedia[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@realmedia[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@real[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@real[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@revenue[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@revenue[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@serving-sys[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@serving-sys[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : http://www.searchtraffic.com Value : C:\Documents and Settings\Julie\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@tradedoubler[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@tradedoubler[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@trafficmp[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@trafficmp[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@tribalfusion[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@tribalfusion[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@tripod[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@tripod[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : julie@valueclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\julie@valueclick[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Julie\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@casalemedia[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\LocalService\Cookies\paul@casalemedia[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@fastclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\LocalService\Cookies\paul@fastclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@gator[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\LocalService\Cookies\paul@gator[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@revenue[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\LocalService\Cookies\paul@revenue[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entr Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 19, 2005 Author Share Posted December 19, 2005 CONTINUED... Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected]4[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\natalie\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : natalie@fastclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\natalie\Cookies\natalie@fastclick[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : natalie@mediaplex[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\natalie\Cookies\natalie@mediaplex[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : natalie@qksrv[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\natalie\Cookies\natalie@qksrv[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : natalie@questionmarket[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\natalie\Cookies\natalie@questionmarket[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : natalie@realmedia[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\natalie\Cookies\natalie@realmedia[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@247realmedia[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@247realmedia[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@2o7[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@advertising[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@advertising[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@apmebf[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@apmebf[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@atdmt[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@atdmt[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@bfast[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@bfast[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected]-sys[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@centrport[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@centrport[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@cgi-bin[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@cgi-bin[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@doubleclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@doubleclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected]4[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@fastclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@fastclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@hitbox[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@hitbox[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@linksynergy[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@linksynergy[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@mediaplex[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@mediaplex[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@overture[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@overture[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@qksrv[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@qksrv[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@questionmarket[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@questionmarket[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@realmedia[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@realmedia[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@serving-sys[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@serving-sys[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@sextracker[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@sextracker[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@statcounter[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@statcounter[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@tribalfusion[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@tribalfusion[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : paul@zedo[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Paul\Cookies\paul@zedo[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@2o7[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@ad-logics[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@ad-logics[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@adrevolver[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@adrevolver[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@advertising[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@advertising[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@apmebf[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@apmebf[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@atdmt[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@atdmt[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@bfast[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@bfast[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@bluestreak[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@bluestreak[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected]-sys[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@casalemedia[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@casalemedia[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@cgi-bin[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@cgi-bin[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@clickagents[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@clickagents[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@doubleclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@doubleclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected]4[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@fastclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@fastclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@gator[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@gator[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@hitbox[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@hitbox[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@maxserving[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@maxserving[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@mediaplex[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@mediaplex[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@overture[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@overture[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@paycounter[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@paycounter[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@qksrv[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@qksrv[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@questionmarket[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@questionmarket[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@realmedia[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@realmedia[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@serving-sys[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@serving-sys[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@sextracker[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@sextracker[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@targetnet[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@targetnet[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@tickle[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@tickle[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@trafficmp[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@trafficmp[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@tribalfusion[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@tribalfusion[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : travis@valueclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\travis@valueclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Travis\Cookies\[email protected][1].txt 180Solutions Object Recognized! Type : File Data : Del6.tmp TAC Rating : 6 Category : Data Miner Comment : Object : C:\Documents and Settings\Travis\Local Settings\Temp\ 180Solutions Object Recognized! Type : File Data : Del8.tmp TAC Rating : 6 Category : Data Miner Comment : Object : C:\Documents and Settings\Travis\Local Settings\Temp\ VX2 Object Recognized! Type : File Data : thnall2c[Caution: ExecutableFile] TAC Rating : 10 Category : Malware Comment : Object : C:\Documents and Settings\Travis\Local Settings\Temp\drp5.tmp\ FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : DrInstall Application FileDescription : DrInstall Application InternalName : DrInstal LegalCopyright : Copyright © 2004 OriginalFilename : DrInstall[Caution: ExecutableFile] VX2 Object Recognized! Type : File Data : thnall2c[Caution: ExecutableFile] TAC Rating : 10 Category : Malware Comment : Object : C:\Documents and Settings\Travis\Local Settings\Temp\drp6B.tmp\ FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : DrInstall Application FileDescription : DrInstall Application InternalName : DrInstal LegalCopyright : Copyright © 2004 OriginalFilename : DrInstall[Caution: ExecutableFile] VX2 Object Recognized! Type : File Data : thnall2c[Caution: ExecutableFile] TAC Rating : 10 Category : Malware Comment : Object : C:\Documents and Settings\Travis\Local Settings\Temp\drp7.tmp\ FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : DrInstall Application FileDescription : DrInstall Application InternalName : DrInstal LegalCopyright : Copyright © 2004 OriginalFilename : DrInstall[Caution: ExecutableFile] VX2 Object Recognized! Type : File Data : thnall2c[Caution: ExecutableFile] TAC Rating : 10 Category : Malware Comment : Object : C:\Documents and Settings\Travis\Local Settings\Temp\DrTemp\ FileVersion : 1, 0, 0, 12 ProductVersion : 1, 0, 0, 12 ProductName : Install Utility CompanyName : BetterInternet, Inc. FileDescription : http://www.abetterinternet.com - Utility for downloading files and upgrading software. InternalName : Install Utility LegalCopyright : BetterInternet, Inc. ÃÆââ¬Å¡Ãâé 2004 OriginalFilename : InstUtil[Caution: ExecutableFile] Comments : Utility for downloading files and upgrading software. Visit http://www.abetterinternet.com for more info. SCBAR Object Recognized! Type : File Data : rem13.tmp TAC Rating : 3 Category : Data Miner Comment : Object : C:\Documents and Settings\Travis\Local Settings\Temp\ FileVersion : 11.125.0.11 ProductVersion : 11.125.0.11 VX2 Object Recognized! Type : File Data : zserv.cab TAC Rating : 10 Category : Malware Comment : Object : C:\Documents and Settings\Travis\Local Settings\Temp\THI4275.tmp\ VX2 Object Recognized! Type : File Data : ZServ.dll TAC Rating : 10 Category : Malware Comment : Object : C:\Documents and Settings\Travis\Local Settings\Temp\THI4275.tmp\ FileVersion : 0, 7, 4, 67 ProductVersion : 0, 7, 4, 67 CompanyName : ZServ FileDescription : http://www.ZServ.biz LegalCopyright : Copyright ÃÆââ¬Å¡Ãâé 2004 OriginalFilename : ZServ.dll Comments : http://www.ZServ.biz VX2 Object Recognized! Type : File Data : zserv.cab TAC Rating : 10 Category : Malware Comment : Object : C:\Documents and Settings\Travis\Local Settings\Temp\THI6CC5.tmp\ VX2 Object Recognized! Type : File Data : ZServ.dll TAC Rating : 10 Category : Malware Comment : Object : C:\Documents and Settings\Travis\Local Settings\Temp\THI6CC5.tmp\ FileVersion : 0, 7, 4, 67 ProductVersion : 0, 7, 4, 67 CompanyName : ZServ FileDescription : http://www.ZServ.biz LegalCopyright : Copyright ÃÆââ¬Å¡Ãâé 2004 OriginalFilename : ZServ.dll Comments : http://www.ZServ.biz VX2 Object Recognized! Type : File Data : Ceres.dll TAC Rating : 10 Category : Malware Comment : Object : C:\Documents and Settings\Travis\Local Settings\Temp\THI6D5F.tmp\ FileVersion : 0, 12, 4, 69 ProductVersion : 0, 12, 4, 69 ProductName : Ceres CompanyName : Ceres FileDescription : http://www.abetterinternet.com InternalName : Ceres LegalCopyright : Copyright ÃÆââ¬Å¡Ãâé 2004 OriginalFilename : Ceres.dll Comments : http://www.abetterinternet.com Object "Ceres.dll" found in this archive. VX2 Object Recognized! Type : File Data : csnopol.cab TAC Rating : 10 Category : Malware Comment : Object "Ceres.dll" found in this archive. Object : C:\Documents and Settings\Travis\Local Settings\Temp\THI6D5F.tmp\ VirtualBouncer Object Recognized! Type : File Data : BundleOuter2504040406[Caution: ExecutableFile] TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\Downloaded Program Files\ VirtualBouncer Object Recognized! Type : File Data : BundleOuter2504040406[Caution: ExecutableFile] TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ VirtualBouncer Object Recognized! Type : File Data : BundleOuter2504040406[Caution: ExecutableFile] TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ VirtualBouncer Object Recognized! Type : File Data : BundleOuter2504040406[Caution: ExecutableFile] TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\Downloaded Program Files\CONFLICT.3\ BlazeFind Object Recognized! Type : File Data : WinAdCtlX.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\Downloaded Program Files\ VX2 Object Recognized! Type : File Data : localNRD(2).dll TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 0, 4, 4, 67 ProductVersion : 0, 4, 4, 67 ProductName : LocalNRD CompanyName : LocalNRD FileDescription : http://www.localnrd.com InternalName : LocalNRD LegalCopyright : Copyright ÃÆââ¬Å¡Ãâé 2004 OriginalFilename : LocalNRD.dll Comments : http://www.localnrd.com Elitum.ElitebarBHO Object Recognized! Type : File Data : doolsav.dat TAC Rating : 5 Category : Data Miner Comment : Object : C:\WINDOWS\SYSTEM32\ FileVersion : 1, 0, 0, 59 ProductVersion : 1, 0, 0, 59 ProductName : EliteToolBar Dynamic Link Library FileDescription : EliteToolBar DLL InternalName : EliteToolBar LegalCopyright : Copyright © 2004 OriginalFilename : EliteToolBar.DLL Disk Scan Result for C:\ ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû New critical objects: 0 Objects found so far: 257 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû Warning! Bad Hosts file entry:69.20.16.183:auto.search.msn.com Redirected hostfile entry Object Recognized! Type : Hosts file Data : 69.20.16.183 TAC Rating : 4 Category : Misc Comment : Possible CoolWebSearch Hijack Bad Hostfile entry : 69.20.16.183:auto.search.msn.com Warning! Bad Hosts file entry:69.20.16.183:search.netscape.com Redirected hostfile entry Object Recognized! Type : Hosts file Data : 69.20.16.183 TAC Rating : 4 Category : Misc Comment : Possible CoolWebSearch Hijack Bad Hostfile entry : 69.20.16.183:search.netscape.com Warning! Bad Hosts file entry:69.20.16.183:ieautosearch Redirected hostfile entry Object Recognized! Type : Hosts file Data : 69.20.16.183 TAC Rating : 4 Category : Misc Comment : Possible CoolWebSearch Hijack Bad Hostfile entry : 69.20.16.183:ieautosearch Hosts file scan result: ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû 13 entries scanned. New critical objects:3 Objects found so far: 260 Performing conditional scans... ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû istbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : aspfile\persistenthandler istbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : .sta istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : .sta Value : istbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\downloadmanager istbar Object Recognized! Type : RegData Data : Never TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : BandRest Data : Never istbar Object Recognized! Type : RegData Data : Never TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : BandRest Data : Never istbar Object Recognized! Type : File Data : ISTactivex.dll TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\downloaded program files\ FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ServerLogic.Hyperlinker Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\filter\text/html ServerLogic.Hyperlinker Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\filter\text/html Value : CLSID ServerLogic.Hyperlinker Object Recognized! Type : RegData Data : no TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{339d8aff-0b42-4260-ad82-78ce605a9543} SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} DyFuCA Object Recognized! Type : RegData Data : Never TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : BandRest Data : Never DyFuCA Object Recognized! Type : RegData Data : Never TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : BandRest Data : Never Virtumonde Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : .key Powerscan Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\powerscan Powerscan Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\powerscan Powerscan Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : Power Scan 180Solutions Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38} 180Solutions Object Recognized! Type : File Data : saie.log TAC Rating : 6 Category : Data Miner Comment : Object : C:\WINDOWS\system32\ VirtualBouncer Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\vb and vba program settings Conditional scan result: ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû New critical objects: 21 Objects found so far: 281 9:55:43 PM Scan Complete Summary Of This Scan ÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡ÃâûÃÆââ¬Å¡Ãâû Total scanning time:00:12:19.234 Objects scanned:136817 Objects identified:281 Objects ignored:0 New critical objects:281 Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 19, 2005 Author Share Posted December 19, 2005 THERE ARE 6 USERS ON THIS COMPUTER. THERE IS NO "GUEST" ACCOUNT. 4 OF THEM ARE ADMINISTRATORS, 2 ARE LIMITED ACCOUNTS. Link to comment Share on other sites More sharing options...
Sharper Posted December 19, 2005 Share Posted December 19, 2005 This thread and the issues on your computer really have been dragging out, they didn't look too complicated to start with. Colt started helping so I won't intrude :) Also I would suggest having only 1 person use an administrator account on a computer shared as heavily as yours, preferably someone who's tech-savy. Link to comment Share on other sites More sharing options...
coltm4carbine Posted December 19, 2005 Share Posted December 19, 2005 Is anyone else still having problems with winfixer? If they are post their hjt logs and their names. i.e DAD Logfile HiJack This 1.99.1 etc... did you fix the stuff from the automatic tools? VX2 Object Recognized think i got a tools for it- i check for you, might even be in one of the stickies -.-. p.s This thread and the issues on your computer really have been dragging out, they didn't look too complicated to start with. yeh...my bad... :oops: edit: seen your first log and i can also see look2me infection. Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 19, 2005 Author Share Posted December 19, 2005 This thread and the issues on your computer really have been dragging out, they didn't look too complicated to start with. Colt started helping so I won't intrude :) Also I would suggest having only 1 person use an administrator account on a computer shared as heavily as yours, preferably someone who's tech-savy. Colt and I were talking on MSN, that's what he told me to provide. Is anyone else still having problems with winfixer? If they are post their hjt logs and their names. So winfixer's off my account? did you fix the stuff from the automatic tools? What? So now you want me to post HJT logs of each of the other accounts? Then, we'll do whatever is required for each of those accounts? Then, we'll get rid of the 2 other infections you spotted? (Look2me, VX2) Also, is there any way to have this fixing ALL of the accounts? Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 19, 2005 Author Share Posted December 19, 2005 FOR FRIG SAKES! MY IDIOT SISTER INSTALLED LIMEWIRE LAST NIGHT! UGH! I DELETED IT. I'LL RUN CCLEANER ON ALL OF THE ACCOUNTS, THEN POST HJT LOGS FOR EACH ACCOUNT, INCLUDING MINE. I'LL UPLOAD THEM TO http://WWW.UPLOADHUT.COM THEN JUST POST THE LINKS IN THIS POST.. GIVE ME A FEW MINUTES. HJT LOG FOR USER MITCH: http://uploadhut.com/view.php/484390.txt HJT LOG FOR USER JULIE: http://uploadhut.com/view.php/484391.txt HJT LOG FOR USER JACLYN: http://uploadhut.com/view.php/484400.txt HJT LOG FOR USER NATALIE: http://uploadhut.com/view.php/484402.txt HJT LOG FOR USER PAUL: http://uploadhut.com/view.php/484406.txt HJT LOG FOR USER TRAVIS: http://uploadhut.com/view.php/484407.txt Link to comment Share on other sites More sharing options...
coltm4carbine Posted December 20, 2005 Share Posted December 20, 2005 So now you want me to post HJT logs of each of the other accounts? only if they have winfixer problems- ok had a quick scan- vundo's gone. Then, we'll do whatever is required for each of those accounts? If they are infected which they arn't Then, we'll get rid of the 2 other infections you spotted? (Look2me, VX2) I can see a lot more than 2.lol. but basically yes I'll deal with specific infections first. Also, is there any way to have this fixing ALL of the accounts? Sometimes it will sometimes it won't so thats why i am asking if any other people are having winfixer problems. Should be ok though-your the admin. what i meant was did you get ad-aware to fix the stuff... +++++++++++++++++++++++++++++ edited again ok after our little chat on msn i had 2nd thoughts. l2m is like a magnet for other spyware. I take that out. You have the latest version of VX2. Download L2mfix from one of these two locations: http://www.atribune.org/downloads/l2mfix[Caution: ExecutableFile] ]http://www.downloads.subratam.org/l2mfix[Caution: ExecutableFile] change the .e3e (CAUTION - executable file) to [Caution: ExecutableFile] Save the file to your desktop and double click l2mfix[Caution: ExecutableFile]. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread. IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd[Caution: ExecutableFile] C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first. Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 20, 2005 Author Share Posted December 20, 2005 You mean after the chat we had about 8 hours ago? At 7:30 am EST.. Also, I just got back on, and found this. Healed it successfully though. Anywho! I did the l2m fix thing (Just Option 1), this is my log below. Also! I needed to download an "XP Home Files" thing, which over-wrote some files in my system32. I hope that's okay.. I also have a question. Which programs can I delete now? I haven't deleted anything you've told me to get yet, since I started this post. I feel uneasy with them. Which can I delete? L2MFIX find log 121605 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] @="" "DLLName"="igfxsrvc.dll" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "Unlock"="WinlogonUnlockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljji] "Asynchronous"=dword:00000001 "DllName"="C:\\WINDOWS\\system32\\mljji.dll" "Impersonate"=dword:00000000 "Startup"="SysLogon" "Logoff"="SysLogoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="History" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension" "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension" "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension" "{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universal Plug and Play Devices" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ browseui.dll Wed Nov 23 2005 8:06:34p A.... 1,022,464 998.50 K cdfview.dll Thu Oct 20 2005 10:39:26p A.... 151,040 147.50 K danim.dll Fri Nov 4 2005 10:16:24p A.... 1,054,208 1.00 M dxtrans.dll Thu Oct 20 2005 10:39:28p A.... 205,312 200.50 K esent.dll Thu Oct 20 2005 5:20:04p A.... 1,082,368 1.03 M extmgr.dll Thu Oct 20 2005 10:39:28p ..... 55,808 54.50 K gdi32.dll Wed Oct 5 2005 10:09:36p A.... 280,064 273.50 K iepeers.dll Thu Oct 20 2005 10:39:28p A.... 251,392 245.50 K inseng.dll Thu Oct 20 2005 10:39:28p A.... 96,256 94.00 K mshtml.dll Wed Nov 23 2005 8:06:34p A.... 3,015,680 2.88 M mshtmled.dll Thu Oct 20 2005 10:39:30p A.... 448,512 438.00 K msrating.dll Thu Oct 20 2005 10:39:30p A.... 146,432 143.00 K mstime.dll Thu Oct 20 2005 10:39:30p A.... 530,944 518.50 K pngfilt.dll Thu Oct 20 2005 10:39:30p A.... 39,424 38.50 K shdocvw.dll Wed Nov 30 2005 10:59:30p A.... 1,492,480 1.42 M shell32.dll Thu Sep 22 2005 10:05:30p A.... 8,450,560 8.06 M shlwapi.dll Thu Oct 20 2005 10:39:30p A.... 473,600 462.50 K sirenacm.dll Wed Oct 12 2005 4:11:06p A.... 118,784 116.00 K spmsg.dll Wed Oct 12 2005 6:12:26p ..... 14,048 13.72 K urlmon.dll Fri Nov 4 2005 10:16:28p A.... 609,280 595.00 K wininet.dll Thu Oct 20 2005 10:39:30p A.... 658,432 643.00 K 21 items found: 21 files, 0 directories. Total of file sizes: 20,197,088 bytes 19.26 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ mcrh.tmp Mon Nov 21 2005 9:27:24a A.... 199 0.19 K 1 item found: 1 file, 0 directories. Total of file sizes: 199 bytes 0.19 K ********************************************************************************** Directory Listing of system files: Volume in drive C has no label. Volume Serial Number is 3811-9D01 Directory of C:\WINDOWS\System32 28/11/2005 11:37 PM 18/07/2005 03:36 AM 2,368 cvsloops.dat 15/07/2005 11:43 PM 32 cvsloops.le 06/10/2004 03:28 PM 2 File(s) 2,400 bytes 2 Dir(s) 24,405,688,320 bytes free Link to comment Share on other sites More sharing options...
astagarden Posted December 20, 2005 Share Posted December 20, 2005 OMG! It's in my computer too but I don't understand a thing you said.........I'm sure it's great, but my brain is not equipped to deal with it. My next best move is to call my handy computer guru and have him fix it. Glad to see I'm not the only one with winfixer problems. Mine happened AFTER I installed Foxfire (read it on a post someplace that it was better than IE). I've removed that, I think, and am using IE now but winfixer keeps butting in. Also, Adaware never picked it up and Spybot does only sometimes. I'm also running Norton which did zip. :( Link to comment Share on other sites More sharing options...
Sir_Itchlot Posted December 21, 2005 Author Share Posted December 21, 2005 :shock: Asta DO NOT follow what Colt told me to do. He said the steps to fixing your computer vary from person to person. If you did something he told me to do, it could ruin your computer even more. You should download Highjack This and CCleaner. Run CCleaner. Run HJT, and post the log on your own thread on these forums, a tech head will help you. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now