Virus problems...can't use hijackthis

Discussion in 'Windows - Virus and spyware problems' started by xirt, Mar 26, 2007.

  1. xirt

    xirt Member

    I have no idea what to do...so I'm just going to list processes from Task Manager that seem suspicious: W32BRG55.EXE (User), rundll32.exe (User), Update.exe (User), command.exe (SYSTEM), winlogon.exe (User), csrss.exe (SYSTEM), csrss.exe (User), smss.exe (System). I'm getting popups from IE and my default browser is Firefox and explorer.exe has to restart. Sometimes it'll open another tab and open a popup. I turned on my computer with new shortcuts that seem like spyware and Ad-Aware doesn't detect it so I uninstall it. For some reason my System Restore keeps getting disabled. I can't run msconfig or regedit and HijackThis won't work. Sometimes ipwins.exe pops up in the Task Manager but closes right away and seems I can uninstall it. Outerinfo is installed into my comp but it seems I can uninstall it. One last thing: command.exe is a system process so I can't stop the process, and it seems I can't uninstall it either without downloading something from their site, and I don't want to risk that. HELP PLEASE!!! Thanks
     
  2. KotaGuy

    KotaGuy Regular member

    Thanks for the info... seems your system is pretty messed up. Before I start fixing things... I'd like to get a deeper look into your computer.

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    * Close ALL OTHER PROGRAMS.
    * Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    * Now click the Run Scan button on the toolbar.
    * The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    * When the scan is complete Notepad will open with the report file loaded in it.
    * Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
     
  3. xirt

    xirt Member

    WinPFind3 logfile created on: 3/30/2007 4:12:39 PM
    WinPFind3U by OldTimer - Version 1.0.31 Folder = C:\Documents and Settings\MJ\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2800.1106)

    1023 Mb Total Physical Memory | 709 Mb Available Physical Memory | 69.35% Memory free
    2 Gb Paging File | 2 Gb Available in Paging File | 92.32% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186 Gb Total Space | 7 Gb Free Space | 4.06% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 2 Gb Total Space | 0 Gb Free Space | 0.00% Space Free

    Computer Name: XIRT
    Current User Name: MJ
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    asusprob.exe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 12/6/2002 3:07:48 PM | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 446464 bytes | Modified Date = 3/2/2007 2:46:14 PM | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 446464 bytes | Modified Date = 3/2/2007 2:46:14 PM | Attr = ]
    atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5154 | Size = 344064 bytes | Modified Date = 5/3/2005 8:05:00 PM | Attr = ]
    command.exe -> %SystemRoot%\TUogR2VsbGFkYQ\command.exe -> [Ver = | Size = 293888 bytes | Modified Date = 8/2/2005 4:58:38 PM | Attr = RHS]
    daemon.exe -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.47.0.0 | Size = 81920 bytes | Modified Date = 8/22/2004 4:05:02 PM | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
    msgplus.exe -> %ProgramFiles%\MessengerPlus! 3\MsgPlus.exe -> Patchou [Ver = 3, 63, 0, 148 | Size = 190024 bytes | Modified Date = 4/16/2006 1:16:12 PM | Attr = ]
    razerhid.exe -> %ProgramFiles%\Razer\razerhid.exe -> [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 5/17/2005 5:21:12 PM | Attr = ]
    razerofa.exe -> %ProgramFiles%\Razer\razerofa.exe -> Razer Inc. [Ver = 4.0.0.4 | Size = 143360 bytes | Modified Date = 1/18/2005 12:06:12 AM | Attr = ]
    sstray.exe -> %System32%\sstray.exe -> NVIDIA Corporation [Ver = 1.00.00.0362 | Size = 73728 bytes | Modified Date = 8/12/2003 10:25:56 PM | Attr = R ]
    svchosts.exe -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Modified Date = 3/17/2007 3:40:32 PM | Attr = ]
    update.exe -> %CommonProgramFiles%\{841A7D4E-0726-1033-0520-040310170001}\Update.exe -> [Ver = | Size = 14336 bytes | Modified Date = 3/17/2007 3:40:34 PM | Attr = ]
    w32brg55.exe -> %ProgramFiles%\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32BRG55.EXE -> [Ver = 1, 0, 1, 2 | Size = 253952 bytes | Modified Date = 6/7/2005 12:50:02 PM | Attr = ]
    winlogon.exe -> %System32%\upmfqvw\winlogon.exe -> [Ver = | Size = 76800 bytes | Modified Date = 3/16/2007 4:45:32 PM | Attr = RHS]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.31.0 | Size = 318464 bytes | Modified Date = 3/26/2007 8:04:38 PM | Attr = ]
    zdwlan.exe -> %ProgramFiles%\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe -> [Ver = 2, 13, 0, 0 | Size = 475136 bytes | Modified Date = 8/16/2005 3:13:14 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 5/26/2005 8:49:24 PM | Attr = ]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 446464 bytes | Modified Date = 3/2/2007 2:46:14 PM | Attr = ]
    (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 3/6/2007 9:05:00 PM | Attr = ]
    (Client IP-IPX) Client IP-IPX [Win32_Own | Auto | Running] -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Modified Date = 3/17/2007 3:40:32 PM | Attr = ]
    (cmdService) Command Service [Win32_Own | Auto | Running] -> %SystemRoot%\TUogR2VsbGFkYQ\command.exe -> [Ver = | Size = 293888 bytes | Modified Date = 8/2/2005 4:58:38 PM | Attr = RHS]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ASUS Probe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 12/6/2002 3:07:48 PM | Attr = ]
    ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5154 | Size = 344064 bytes | Modified Date = 5/3/2005 8:05:00 PM | Attr = ]
    DAEMON Tools-1033 -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.47.0.0 | Size = 81920 bytes | Modified Date = 8/22/2004 4:05:02 PM | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
    MessengerPlus3 -> %ProgramFiles%\MessengerPlus! 3\MsgPlus.exe -> Patchou [Ver = 3, 63, 0, 148 | Size = 190024 bytes | Modified Date = 4/16/2006 1:16:12 PM | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 10:50:42 AM | Attr = ]
    nForce Tray Options -> %System32%\sstray.exe -> NVIDIA Corporation [Ver = 1.00.00.0362 | Size = 73728 bytes | Modified Date = 8/12/2003 10:25:56 PM | Attr = R ]
    QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
    razer -> %ProgramFiles%\Razer\razerhid.exe -> [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 5/17/2005 5:21:12 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
    winlogon -> -> File not found
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    IpWins -> %ProgramFiles%\Ipwindows\ipwins.exe -> File not found
    Steam -> -> File not found
    winlogon -> -> File not found
    Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,239 | Size = 4670968 bytes | Modified Date = 1/19/2007 12:49:28 PM | Attr = ]
    < Windows NT\\Load [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
    C:\WINDOWS\System32\upmfqvw\winlogon.exe -> %System32%\upmfqvw\winlogon.exe -> [Ver = | Size = 76800 bytes | Modified Date = 3/16/2007 4:45:32 PM | Attr = RHS]
    < Windows NT\\Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\run
    C:\WINDOWS\System32\upmfqvw\winlogon.exe -> %System32%\upmfqvw\winlogon.exe -> [Ver = | Size = 76800 bytes | Modified Date = 3/16/2007 4:45:32 PM | Attr = RHS]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    %AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 2:06:48 PM | Attr = ]
    %AllUsersStartup%\ZDWLan Utility.lnk -> %ProgramFiles%\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe -> [Ver = 2, 13, 0, 0 | Size = 475136 bytes | Modified Date = 8/16/2005 3:13:14 PM | Attr = ]
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    MsgPlusLoader.dll -> %System32%\MsgPlusLoader.dll -> Patchou [Ver = 3, 63, 4, 0 | Size = 58952 bytes | Modified Date = 4/16/2006 1:16:12 PM | Attr = ]
    < SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    {54645654-2225-4455-44A1-9F4543D34546} [HKLM] -> %System32%\vbsys2.dll [SystemCheck2] -> [Ver = | Size = 90112 bytes | Modified Date = 1/27/2005 3:35:12 PM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    Control_RunDLL -> -> File not found
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 110592 bytes | Modified Date = 3/2/2007 2:47:20 PM | Attr = ]
    < HOSTS File > (2382 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    1.1.1.1 f-secure.com -> ->
    1.1.1.1 www.f-secure.com -> ->
    1.1.1.1 ftp.f-secure.com -> ->
    1.1.1.1 ftp.sophos.com -> ->
    1.1.1.1 liveupdate.symantec.com -> ->
    1.1.1.1 customer.symantec.com -> ->
    1.1.1.1 dispatch.mcafee.com -> ->
    1.1.1.1 download.mcafee.com -> ->
    1.1.1.1 rads.mcafee.com -> ->
    1.1.1.1 mast.mcafee.com -> ->
    1.1.1.1 my-etrust.com -> ->
    1.1.1.1 www.my-etrust.com -> ->
    1.1.1.1 nai.com -> ->
    1.1.1.1 www.nai.com -> ->
    1.1.1.1 networkassociates.com -> ->
    1.1.1.1 secure.nai.com -> ->
    1.1.1.1 securityresponse.symantec.com -> ->
    1.1.1.1 service1.symantec.com -> ->
    1.1.1.1 sophos.com -> ->
    1.1.1.1 www.sophos.com -> ->
    1.1.1.1 support.microsoft.com -> ->
    1.1.1.1 symantec.com -> ->
    1.1.1.1 www.symantec.com -> ->
    1.1.1.1 update.symantec.com -> ->
    1.1.1.1 updates.symantec.com -> ->
    1.1.1.1 us.mcafee.com -> ->
    1.1.1.1 vil.nai.com -> ->
    1.1.1.1 viruslist.com -> ->
    1.1.1.1 www.viruslist.com -> ->
    1.1.1.1 grisoft.com -> ->
    1.1.1.1 www.grisoft.com -> ->
    1.1.1.1 free.grisoft.com -> ->
    1.1.1.1 trendmicro.com -> ->
    1.1.1.1 housecall.trendmicro.com -> ->
    1.1.1.1 www.trendmicro.com -> ->
    1.1.1.1 pandasoftware.com -> ->
    1.1.1.1 www.pandasoftware.com -> ->
    1.1.1.1 usa.kaspersky.com -> ->
    1.1.1.1 ewido.net -> ->
    1.1.1.1 www.ewido.net -> ->
    1.1.1.1 zonelabs.com -> ->
    1.1.1.1 www.zonelabs.com -> ->
    1.1.1.1 bitdefender.com -> ->
    1.1.1.1 www.bitdefender.com -> ->
    1.1.1.1 download.bitdefender.com -> ->
    1.1.1.1 upgrade.bitdefender.com -> ->
    1.1.1.1 spywareinfo.com -> ->
    1.1.1.1 www.spywareinfo.com -> ->
    1.1.1.1 merijn.org -> ->
    1.1.1.1 www.merijn.org -> ->
    1.1.1.1 sysinternals.com -> ->
    1.1.1.1 www.sysinternals.com -> ->
    1.1.1.1 onguardonline.gov -> ->
    1.1.1.1 www.onguardonline.gov -> ->
    1.1.1.1 avast.com -> ->
    1.1.1.1 www.avast.com -> ->
    1.1.1.1 safety.live.com -> ->
    1.1.1.1 www.paretologic.com -> ->
    1.1.1.1 paretologic.com -> ->
    1.1.1.1 virusscan.jotti.org -> ->
    1.1.1.1 services.google.com -> ->
    1.1.1.1 www.webroot.com -> ->
    1.1.1.1 webroot.com -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html ->
    HKLM: Search Page -> ->
    HKLM: Start Page -> http://www.yahoo.com/ ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
    HKCU: Search Bar -> http://www.google.com/ie ->
    HKCU: Search Page -> http://www.google.com ->
    HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    click_getmirar.com [http] -> ->
    click_getmirar.com [https] -> ->
    click_mirarsearch.com [http] -> ->
    click_mirarsearch.com [https] -> ->
    redirect_mirarsearch.com [http] -> ->
    redirect_mirarsearch.com [https] -> ->
    awbeta_net-nucleus.com [http] -> ->
    awbeta_net-nucleus.com [https] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 12:02:04 PM | Attr = ]
    {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.3.19.dll [BitComet Helper] -> BitComet [Ver = 20070319 | Size = 398912 bytes | Modified Date = 3/19/2007 2:47:56 AM | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 12:03:00 AM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
    {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} [HKLM] -> %System32%\WinNB57.dll [Related Page] -> [Ver = 0, 0, 5, 7 | Size = 311296 bytes | Modified Date = 4/5/2005 10:46:58 PM | Attr = ]
    {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 2/10/2004 2:08:58 PM | Attr = ]
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    {8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
    {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} [HKLM] -> %System32%\WinNB57.dll [Related Page] -> [Ver = 0, 0, 5, 7 | Size = 311296 bytes | Modified Date = 4/5/2005 10:46:58 PM | Attr = ]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 2/10/2004 2:08:58 PM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    WebBrowser\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} [HKLM] -> %System32%\WinNB57.dll [Related Page] -> [Ver = 0, 0, 5, 7 | Size = 311296 bytes | Modified Date = 4/5/2005 10:46:58 PM | Attr = ]
    WebBrowser\\{C1B4DEC2-2623-438E-9CA2-C9043AB28508} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 2/10/2004 2:08:58 PM | Attr = ]
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 3:23:26 AM | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
    {09EA1F80-F40A-11D1-B792-444553540001} -> %ProgramFiles%\Flash saver\save.htm [ButtonText: Flash Saver] -> [Ver = | Size = 236 bytes | Modified Date = 6/28/2004 11:05:44 PM | Attr = ]
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    &D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddLink.htm -> File not found
    &D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddVideo.htm -> File not found
    &D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddAllLink.htm -> File not found
    &Save Flash In This Page by Flash Saver -> %ProgramFiles%\Flash saver\save.htm -> [Ver = | Size = 236 bytes | Modified Date = 6/28/2004 11:05:44 PM | Attr = ]
    E&xport to Microsoft Excel -> -> File not found
    < Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
    .spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 1:56:24 PM | Attr = ]
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {13196A0A-835C-4A9A-9A01-DA1BBC0C3555} -> () ->
    {7E2D9A63-E60A-4DF4-8D9A-3562353A0297} -> (NVIDIA nForce MCP Networking Controller) ->
    {7E5F0F28-01B3-484B-A613-D300445B663F} -> (Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45) ->
    {80159198-66C0-42FA-82EF-CA02E23647B2} -> (1394 Net Adapter) ->
    {A8A0FB38-7ACD-426B-878D-00815D8CD963} -> () ->
    {DC976B0E-ED1F-48C6-AAF5-9C92C792D4E6} -> () ->
    {F3302830-8473-452B-A386-49EB1C005526} -> ((ZD1211B)IEEE 802.11 b+g USB Adapter) ->
    < Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
    shell -> shell protocol not assigned ->
    < Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
    shell -> shell protocol not assigned ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {00000162-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/0/B/B/0BB06A5C-8611-4840-86B3-54DDDD0344B9/wma9dmo.cab ->
    {00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab ->
    {05D44720-58E3-49E6-BDF6-D00330E511D3} -> StagingUI Object - CodeBase = http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab ->
    {14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab ->
    {20A60F0D-9AFA-4515-A0FD-83BD84642501} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab ->
    {24311111-1111-1121-1111-111191113457} -> - CodeBase = file://c:\eied_s7.cab ->
    {2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab ->
    {33331111-1111-1111-1111-611111193457} -> - CodeBase = file://c:\ex.cab ->
    {33331111-1111-1111-1111-611111193458} -> - CodeBase = file://c:\ex.cab ->
    {3334504D-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB ->
    {33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab ->
    {3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> ZoneBuddy Class - CodeBase = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab ->
    {43331111-1111-1111-1111-611111195622} -> - CodeBase = file://c:\ex.cab ->
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab ->
    {5736C456-EA94-4AAC-BB08-917ABDD035B3} -> ZonePAChat Object - CodeBase = http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab ->
    {5D6F45B3-9043-443D-A792-115447494D24} -> UnoCtrl Class - CodeBase = http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1109809435917 ->
    {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} -> Mirar_Dummy_ATS1 Class - CodeBase = http://awbeta.net-nucleus.com/FIX/WinATS.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->
    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab ->
    {9122D757-5A4F-4768-82C5-B4171D8556A7} -> PhotoPickConvert Class - CodeBase = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab ->
    {9BDF4724-10AA-43D5-BD15-AEA0D2287303} -> ZPA_TexasHoldem Object - CodeBase = http://zone.msn.com/bingame/zpagames/zpa_txhe.cab43895.cab ->
    {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} -> BatchDownloader Class - CodeBase = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab ->
    {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab ->
    {B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab ->
    {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab ->
    {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
    {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> StadiumProxy Class - CodeBase = http://zone.msn.com/binframework/v10/StProxy.cab41227.cab ->
    {E4C29FDC-F547-4219-ACFD-571F2A7A564A} -> WebCamTest Class - CodeBase = http://click.mirarsearch.com/CABUPDATES/winwcd.cab ->
    {E6187999-9FEC-46A1-A20F-F4CA977D5643} -> ZoneChess Object - CodeBase = http://messenger.zone.msn.com/binary/Chess.cab31267.cab ->
    DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
    Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


    [Files/Folders - Created Within 30 days]
    Application Data -> %SystemDrive%\Application Data -> [Folder | Created Date = 3/15/2007 9:18:12 PM | Attr = ]
    ATICIM.INI -> %SystemRoot%\ATICIM.INI -> [Ver = | Size = 1056 bytes | Created Date = 3/30/2007 4:08:54 PM | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 3/17/2007 1:59:28 AM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 3/17/2007 1:59:28 AM | Attr = H ]
    tc02.exe -> %SystemRoot%\tc02.exe -> [Ver = | Size = 185531 bytes | Created Date = 3/17/2007 3:40:24 PM | Attr = ]
    TUogR2VsbGFkYQ -> %SystemRoot%\TUogR2VsbGFkYQ -> [Folder | Created Date = 3/16/2007 7:16:11 PM | Attr = HS]
    uninstall_nmon.vbs -> %SystemRoot%\uninstall_nmon.vbs -> [Ver = | Size = 1989 bytes | Created Date = 3/16/2007 7:16:11 PM | Attr = ]
    ati2cqag.dll -> %System32%\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0334 | Size = 348160 bytes | Created Date = 3/2/2007 2:11:44 PM | Attr = ]
    ati2dvag.dll -> %System32%\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6677 | Size = 265728 bytes | Created Date = 3/2/2007 2:53:36 PM | Attr = ]
    ati2edxx.dll -> %System32%\ati2edxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2511 | Size = 42496 bytes | Created Date = 3/2/2007 2:47:30 PM | Attr = ]
    ati2evxx.dll -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 110592 bytes | Created Date = 3/2/2007 2:47:19 PM | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 446464 bytes | Created Date = 3/2/2007 2:46:12 PM | Attr = ]
    Ati2mdxx.exe -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2495 | Size = 26112 bytes | Created Date = 3/2/2007 2:47:35 PM | Attr = ]
    ati3duag.dll -> %System32%\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0487 | Size = 2824512 bytes | Created Date = 3/2/2007 2:38:53 PM | Attr = ]
    ATIDDC.DLL -> %System32%\ATIDDC.DLL -> ATI Technologies Inc. [Ver = 6.14.10.8 | Size = 53248 bytes | Created Date = 3/2/2007 2:45:32 PM | Attr = ]
    ATIDEMGX.dll -> %System32%\ATIDEMGX.dll -> ATI Technologies Inc. [Ver = 2.0.2617.28637 | Size = 307200 bytes | Created Date = 3/2/2007 2:54:35 PM | Attr = ]
    atiiiexx.dll -> %System32%\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4004 | Size = 307200 bytes | Created Date = 3/2/2007 2:57:04 PM | Attr = ]
    atikvmag.dll -> %System32%\atikvmag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0052 | Size = 258048 bytes | Created Date = 3/2/2007 2:17:37 PM | Attr = ]
    atioglxx.dll -> %System32%\atioglxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6388 | Size = 5398528 bytes | Created Date = 3/2/2007 2:21:15 PM | Attr = ]
    atipdlxx.dll -> %System32%\atipdlxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2516 | Size = 118784 bytes | Created Date = 3/2/2007 2:47:51 PM | Attr = ]
    atitvo32.dll -> %System32%\atitvo32.dll -> ATI Technologies Inc. [Ver = 6.14.10.4200 | Size = 17408 bytes | Created Date = 3/2/2007 2:16:23 PM | Attr = ]
    ativvaxx.dll -> %System32%\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.0144 | Size = 1288960 bytes | Created Date = 3/2/2007 2:29:23 PM | Attr = ]
    atmtd.dll -> %System32%\atmtd.dll -> [Ver = | Size = 687592 bytes | Created Date = 3/16/2007 7:16:38 PM | Attr = ]
    ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Created Date = 3/25/2007 2:49:07 AM | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 3/5/2007 10:12:49 PM | Attr = ]
    javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Created Date = 3/5/2007 10:12:49 PM | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 3/5/2007 10:12:49 PM | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Created Date = 3/5/2007 10:12:49 PM | Attr = ]
    netstat.com -> %System32%\netstat.com -> [Ver = | Size = 2 bytes | Created Date = 3/16/2007 4:45:44 PM | Attr = HS]
    Oemdspif.dll -> %System32%\Oemdspif.dll -> ATI Technologies, Inc. [Ver = 6.14.0020 | Size = 110592 bytes | Created Date = 3/2/2007 2:47:42 PM | Attr = ]
    SBPoker.ico -> %System32%\SBPoker.ico -> [Ver = | Size = 4286 bytes | Created Date = 3/24/2007 4:45:00 PM | Attr = ]
    svchosts.exe -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Created Date = 3/16/2007 6:40:28 PM | Attr = ]
    taskkill.com -> %System32%\taskkill.com -> [Ver = | Size = 2 bytes | Created Date = 3/16/2007 4:45:44 PM | Attr = HS]
    tsuninst.exe -> %System32%\tsuninst.exe -> [Ver = | Size = 127578 bytes | Created Date = 3/16/2007 8:22:55 PM | Attr = ]
    unsvchosts.exe -> %System32%\unsvchosts.exe -> [Ver = | Size = 2560 bytes | Created Date = 3/16/2007 6:40:28 PM | Attr = ]
    upmfqvw -> %System32%\upmfqvw -> [Folder | Created Date = 3/16/2007 4:45:40 PM | Attr = HS]
    wnsapiit.exe -> %System32%\wnsapiit.exe -> [Ver = | Size = 2 bytes | Created Date = 3/16/2007 8:56:33 PM | Attr = ]
    ati2mtag.sys -> %System32%\dllcache\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6677 | Size = 1972224 bytes | Created Date = 3/2/2007 2:53:19 PM | Attr = ]
    ati2erec.dll -> %System32%\drivers\ati2erec.dll -> ATI Technologies Inc. [Ver = 1.0.0.10 | Size = 49152 bytes | Created Date = 3/2/2007 2:15:08 PM | Attr = ]
    ati2mtag.sys -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6677 | Size = 1972224 bytes | Created Date = 3/2/2007 2:53:19 PM | Attr = ]
    ativvpxx.vp -> %System32%\drivers\ativvpxx.vp -> [Ver = | Size = 40688 bytes | Created Date = 3/2/2007 3:32:36 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    Application Data -> %SystemDrive%\Application Data -> [Folder | Modified Date = 3/15/2007 9:18:14 PM | Attr = ]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/30/2007 4:09:58 PM | Attr = ]
    Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 3/26/2007 5:54:36 PM | Attr = ]
    New Folder -> %SystemDrive%\New Folder -> [Folder | Modified Date = 3/12/2007 7:51:54 PM | Attr = ]
    Pictures -> %SystemDrive%\Pictures -> [Folder | Modified Date = 3/24/2007 1:53:56 PM | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/23/2007 12:20:56 AM | Attr = ]
    RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 3/17/2007 1:52:06 AM | Attr = HS]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 3/26/2007 5:20:52 PM | Attr = HS]
    TV and Clips -> %SystemDrive%\TV and Clips -> [Folder | Modified Date = 3/13/2007 5:53:04 PM | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/30/2007 4:11:12 PM | Attr = ]
    ATICIM.INI -> %SystemRoot%\ATICIM.INI -> [Ver = | Size = 1056 bytes | Modified Date = 3/30/2007 4:08:56 PM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/30/2007 4:11:12 PM | Attr = S]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 3/30/2007 4:11:22 PM | Attr = ]
    Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/26/2007 9:39:32 PM | Attr = R S]
    Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/27/2007 12:09:02 AM | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/30/2007 4:09:06 PM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/30/2007 4:09:58 PM | Attr = HS]
    LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 3/13/2007 6:03:30 PM | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 3/29/2007 10:46:06 PM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/29/2007 10:32:46 PM | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 3/17/2007 1:59:30 AM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 3/30/2007 12:21:44 AM | Attr = H ]
    Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 3/15/2007 9:13:50 PM | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 3/22/2007 9:26:38 PM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 3/30/2007 4:11:06 PM | Attr = ]
    tc02.exe -> %SystemRoot%\tc02.exe -> [Ver = | Size = 185531 bytes | Modified Date = 3/17/2007 3:40:32 PM | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/30/2007 4:11:22 PM | Attr = ]
    TUogR2VsbGFkYQ -> %SystemRoot%\TUogR2VsbGFkYQ -> [Folder | Modified Date = 3/16/2007 7:16:12 PM | Attr = HS]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 924 bytes | Modified Date = 3/25/2007 10:33:20 PM | Attr = ]
    winamp.ini -> %SystemRoot%\winamp.ini -> [Ver = | Size = 1125 bytes | Modified Date = 3/30/2007 6:03:02 AM | Attr = ]
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 3/24/2007 8:54:02 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/30/2007 4:11:16 PM | Attr = H ]
    ansi.cfg -> %System32%\ansi.cfg -> [Ver = | Size = 0 bytes | Modified Date = 3/26/2007 5:55:12 PM | Attr = ]
    ati2cqag.dll -> %System32%\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0334 | Size = 348160 bytes | Modified Date = 3/2/2007 2:11:46 PM | Attr = ]
    ati2dvag.dll -> %System32%\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6677 | Size = 265728 bytes | Modified Date = 3/2/2007 2:53:38 PM | Attr = ]
    ati2edxx.dll -> %System32%\ati2edxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2511 | Size = 42496 bytes | Modified Date = 3/2/2007 2:47:32 PM | Attr = ]
    ati2evxx.dll -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 110592 bytes | Modified Date = 3/2/2007 2:47:20 PM | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 446464 bytes | Modified Date = 3/2/2007 2:46:14 PM | Attr = ]
    Ati2mdxx.exe -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2495 | Size = 26112 bytes | Modified Date = 3/2/2007 2:47:36 PM | Attr = ]
    ati2sgag.exe -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 3/6/2007 9:05:00 PM | Attr = ]
    ati3duag.dll -> %System32%\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0487 | Size = 2824512 bytes | Modified Date = 3/2/2007 2:38:54 PM | Attr = ]
    ATIDDC.DLL -> %System32%\ATIDDC.DLL -> ATI Technologies Inc. [Ver = 6.14.10.8 | Size = 53248 bytes | Modified Date = 3/2/2007 2:45:34 PM | Attr = ]
    ATIDEMGX.dll -> %System32%\ATIDEMGX.dll -> ATI Technologies Inc. [Ver = 2.0.2617.28637 | Size = 307200 bytes | Modified Date = 3/2/2007 2:54:36 PM | Attr = ]
    atiiiexx.dll -> %System32%\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4004 | Size = 307200 bytes | Modified Date = 3/2/2007 2:57:04 PM | Attr = ]
    atikvmag.dll -> %System32%\atikvmag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0052 | Size = 258048 bytes | Modified Date = 3/2/2007 2:17:38 PM | Attr = ]
    atioglxx.dll -> %System32%\atioglxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6388 | Size = 5398528 bytes | Modified Date = 3/2/2007 2:21:16 PM | Attr = ]
    atipdlxx.dll -> %System32%\atipdlxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2516 | Size = 118784 bytes | Modified Date = 3/2/2007 2:47:52 PM | Attr = ]
    atitvo32.dll -> %System32%\atitvo32.dll -> ATI Technologies Inc. [Ver = 6.14.10.4200 | Size = 17408 bytes | Modified Date = 3/2/2007 2:16:24 PM | Attr = ]
    ativvaxx.dll -> %System32%\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.0144 | Size = 1288960 bytes | Modified Date = 3/2/2007 2:29:24 PM | Attr = ]
    atmtd.dll -> %System32%\atmtd.dll -> [Ver = | Size = 687592 bytes | Modified Date = 3/16/2007 7:16:40 PM | Attr = ]
    atmtd.dll._ -> %System32%\atmtd.dll._ -> [Ver = | Size = 687592 bytes | Modified Date = 3/16/2007 7:16:40 PM | Attr = ]
    BitCometRes.dll -> %System32%\BitCometRes.dll -> BitComet [Ver = 1, 0, 0, 1 | Size = 2560 bytes | Modified Date = 3/30/2007 3:16:50 PM | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 3/30/2007 4:08:44 PM | Attr = ]
    ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Modified Date = 3/25/2007 2:49:08 AM | Attr = ]
    CmdLineExt.dll -> %System32%\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Modified Date = 3/29/2007 10:31:28 PM | Attr = ]
    config -> %System32%\config -> [Folder | Modified Date = 3/15/2007 9:13:54 PM | Attr = ]
    DirectX -> %System32%\DirectX -> [Folder | Modified Date = 3/15/2007 9:13:42 PM | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 3/30/2007 4:09:12 PM | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 3/30/2007 4:09:08 PM | Attr = ]
    FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 150792 bytes | Modified Date = 3/27/2007 5:48:00 PM | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
    javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Modified Date = 3/5/2007 10:12:34 PM | Attr = ]
    netstat.com -> %System32%\netstat.com -> [Ver = | Size = 2 bytes | Modified Date = 3/16/2007 4:45:46 PM | Attr = HS]
    Oemdspif.dll -> %System32%\Oemdspif.dll -> ATI Technologies, Inc. [Ver = 6.14.0020 | Size = 110592 bytes | Modified Date = 3/2/2007 2:47:44 PM | Attr = ]
    Restore -> %System32%\Restore -> [Folder | Modified Date = 3/26/2007 5:20:52 PM | Attr = ]
    SBPoker.ico -> %System32%\SBPoker.ico -> [Ver = | Size = 4286 bytes | Modified Date = 3/24/2007 4:45:02 PM | Attr = ]
    svchosts.exe -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Modified Date = 3/17/2007 3:40:32 PM | Attr = ]
    taskkill.com -> %System32%\taskkill.com -> [Ver = | Size = 2 bytes | Modified Date = 3/16/2007 4:45:46 PM | Attr = HS]
    unsvchosts.exe -> %System32%\unsvchosts.exe -> [Ver = | Size = 2560 bytes | Modified Date = 3/17/2007 3:40:32 PM | Attr = ]
    upmfqvw -> %System32%\upmfqvw -> [Folder | Modified Date = 3/30/2007 4:12:40 PM | Attr = HS]
    wbem -> %System32%\wbem -> [Folder | Modified Date = 3/15/2007 9:13:50 PM | Attr = ]
    wnsapiit.exe -> %System32%\wnsapiit.exe -> [Ver = | Size = 2 bytes | Modified Date = 3/22/2007 8:22:30 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 3/29/2007 7:24:44 PM | Attr = ]
    ati2mtag.sys -> %System32%\dllcache\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6677 | Size = 1972224 bytes | Modified Date = 3/2/2007 2:53:20 PM | Attr = ]
    ati2erec.dll -> %System32%\drivers\ati2erec.dll -> ATI Technologies Inc. [Ver = 1.0.0.10 | Size = 49152 bytes | Modified Date = 3/2/2007 2:15:10 PM | Attr = ]
    ati2mtag.sys -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6677 | Size = 1972224 bytes | Modified Date = 3/2/2007 2:53:20 PM | Attr = ]
    ativvpxx.vp -> %System32%\drivers\ativvpxx.vp -> [Ver = | Size = 40688 bytes | Modified Date = 3/2/2007 3:32:38 PM | Attr = ]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 3/30/2007 4:11:50 PM | Attr = ]
    hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 432 bytes | Modified Date = 3/16/2007 4:45:46 PM | Attr = ]
    hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 2382 bytes | Modified Date = 3/23/2007 6:10:30 AM | Attr = HS]

    [File String Scan - Non-Microsoft Only]
    UPX! , UPX0 , -> %SystemDrive%\mplayerc.exe -> Gabest [Ver = 6, 4, 8, 2 | Size = 1340416 bytes | Modified Date = 3/28/2004 6:46:44 PM | Attr = ]
    UPX! , UPX0 , -> %SystemRoot%\daemon.dll -> [Ver = 3.47.0.0 | Size = 69120 bytes | Modified Date = 8/22/2004 4:04:56 PM | Attr = ]
    UPX! , UPX0 , -> %SystemRoot%\stb.exe -> [Ver = | Size = 10240 bytes | Modified Date = 2/10/2004 11:30:44 AM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
    aspack , -> %System32%\d2jsp.dll -> [Ver = | Size = 77824 bytes | Modified Date = 2/26/2005 5:31:26 AM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\fmod.dll -> Firelight Firelight Technologies Pty, Ltd [Ver = 3.7 | Size = 147968 bytes | Modified Date = 9/16/2003 12:57:34 PM | Attr = ]
    WinShutDown , ad-w-a-r-e.com , Thawte Consulting , -> %System32%\guard.tmp -> [Ver = | Size = 236041 bytes | Modified Date = 1/22/2006 2:51:28 AM | Attr = ]
    aspack , -> %System32%\Hypnoloop.scr -> Axialis Software [Ver = 3, 5, 4, 0 | Size = 1430055 bytes | Modified Date = 6/2/2005 4:26:20 PM | Attr = ]
    aspack , -> %System32%\rocknrolldiner.scr -> Axialis Software [Ver = 3, 5, 6, 0 | Size = 1174164 bytes | Modified Date = 9/7/2005 7:21:02 PM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]

    < End of report >
     
  4. KotaGuy

    OK... you have some serious infections in there, including a backdoor that allows full control over your computer and drops a keylogger to record your keystrokes to a file and sends it off to the attacker.

    Because of this you should probably notify your financial institution about possible fraudulent transactions and from a clean computer change all your passwords you use for any online shopping/banking/etc.

    Your safest course of action may be to format the hard drive and reinstall Windows.

    Let me know what you decide to do.
     
  5. xirt

    Well this computer is just mine to enjoy. It doesn't have any account or data that's important because most of my hard drive is made up of games and music and schoolwork. Thanks for your work, I'll probably check on that and I'll think about reformatting.
     
  6. KotaGuy

    OK... let me know what you decide.

    If you decide you would like me to try and clean it I will. Can't guarantee its security afterwards though as I have no way of really knowing the full extent of damage done by the backdoor.
     
  7. xirt

    Well, I decided to reformat. This way I can ensure a clean computer. Currently I'm backing up most of my wanted files onto my 2nd hard drive and I'm going to piggyback the rest onto someone else's when I get a chance. All I need is to find someone with an XP CD without Service Pack 2 :p. Thanks for your help.
     
  8. KotaGuy

    OK... good luck with the reinstall.
     
  9. xirt

    Alright, I finally got around to finishing up my reinstallation, but I went into my task manager and I found Update.exe, ipwins.exe, riuwm.exe, riuwa.exe and idk how that happened...
     
  10. KotaGuy

    Did you format the hard drive before you reinstalled or as part of the reinstall itself?

    If you did... everything should have been wiped clean. In which case the only thing I can think of is something you have installed after reinstalling Windows has infected you or a site you visited did.

    Can you post a HijackThis log?
     
  11. xirt

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:16:07 PM, on 4/9/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe
    C:\Program Files\Ipwindows\ipwins.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\webHancer\Programs\whagent.exe
    C:\Program Files\MSN Messenger\msncall.exe
    C:\WINDOWS\WGlydA\command.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\PROGRA~1\COMMON~1\riuw\riuwm.exe
    C:\PROGRA~1\COMMON~1\riuw\riuwa.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\ICROSO~1.NET\regedit.exe
    C:\Documents and Settings\MJ\My Documents\?dobe\?hkntfs.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\msdtc.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    C:\WINDOWS\system32\mshearts.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\SoftwareDistribution\Download\fde4a5af73d5aee9b5faba71cbff1d6c\update\update.exe
    D:\Downloads\HiJackThis_v2.0.0.0.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: (no name) - {68E0AF67-14A3-4A51-AB4D-6AE33CE1A99E} - C:\WINDOWS\System32\sabb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O4 - HKCU\..\Run: [riuw] C:\PROGRA~1\COMMON~1\riuw\riuwm.exe
    O4 - HKCU\..\Run: [Awna] "C:\WINDOWS\ICROSO~1.NET\regedit.exe" -vt yazb
    O4 - HKCU\..\Run: [Vissst] "C:\Documents and Settings\MJ\My Documents\?dobe\?hkntfs.exe"
    O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
    O4 - HKCU\..\Policies\Explorer\Run: [{242DAC21-0726-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe" te-110-12-0000282
    O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176159801359
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WGlydA\command.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

    --
    End of file - 7462 bytes

    I have reformatted my computer and so far I've only installed drivers and some software like WinRAR, Microsoft Office, Winamp, Nero, etc.
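A triage pass over the kind of HijackThis log posted above, as an added example that is not part of the original thread: it parses the O4 (autorun) and O23 (service) lines and flags entries for review using heuristics chosen here (a service with no reported owner, a Windows binary name outside the Windows directories, a name one character off a Windows binary, a `?` in the path). The function names, the binary list and the assumption that Windows lives in `C:\WINDOWS` are this example's own; the sample lines are copied from the log.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Awna] "C:\WINDOWS\ICROSO~1.NET\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Vissst] "C:\Documents and Settings\MJ\My Documents\?dobe\?hkntfs.exe"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WGlydA\command.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Assumptions of this example: Windows is installed in C:\WINDOWS (as in the
# log), and this short list stands in for "well-known Windows binaries".
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
SYSTEM_BINARIES = {
    "svchost.exe", "regedit.exe", "explorer.exe", "winlogon.exe",
    "csrss.exe", "services.exe", "lsass.exe", "smss.exe",
}

O4_RE = re.compile(r"^O4 - (?P<where>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


def exe_from_command(cmd):
    """Return the executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def one_edit_apart(a, b):
    """True if a and b differ by exactly one inserted, deleted or changed character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]


def assess(path):
    """Return the review reasons that apply to one executable path."""
    reasons = []
    name = basename(path).lower()
    folder = dirname(path).lower()
    # '?' is not a legal Windows filename character, so in a log it stands
    # for a character the tool could not represent.
    if "?" in path:
        reasons.append("unrepresentable-char")
    if name in SYSTEM_BINARIES and folder and folder not in SYSTEM_DIRS:
        reasons.append("system-name-wrong-dir")
    if any(one_edit_apart(name, known) for known in SYSTEM_BINARIES):
        reasons.append("lookalike-name")
    return reasons


def triage(log_text):
    """Return (entry name, path, reasons) for every flagged O4/O23 line.

    A flag is a reason to look at the entry, not a verdict on it.
    """
    flagged = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = exe_from_command(m.group("cmd"))
            reasons = assess(path)
        else:
            m = O23_RE.match(line)
            if not m:
                continue
            path = m.group("path")
            no_owner = m.group("owner") == "Unknown owner"
            reasons = (["unknown-owner"] if no_owner else []) + assess(path)
        if reasons:
            flagged.append((m.group("name"), path, reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name:32} {', '.join(reasons):36} {path}")
```
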
     
  12. KotaGuy

    Gotta be a site you've visited then.

    Run HijackThis. Click the Misc Tools button. Click the Uninstall Manager button. Then the Save List button. Save the list to your Desktop.

    Copy/paste the contents of it in your next reply please.
     
  13. xirt


    Ad-aware 6 Professional
    Adobe Acrobat 5.0
    Apple Software Update
    ASUS Probe V2.21.08
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    ATI HydraVision
    BitComet 0.85
    Collab
    Command
    DVD Decrypter (Remove Only)
    FL Studio 6
    Flash saver 5.5
    foobar2000
    Gaim (remove only)
    Google Talk (remove only)
    Google Video Player
    GTK+ Runtime 2.4.13 rev a (remove only)
    Hamachi 1.0.0.56
    HijackThis 2.0.0
    iTunes
    Logitech iTouch Software
    Logitech Resource Center
    Marvell Miniport Driver
    Messenger Plus! Live
    Microsoft .NET Framework 2.0
    Microsoft Office XP Professional with FrontPage
    Mozilla Firefox (2.0.0.3)
    Nero 6 Demo
    Network Monitor
    Nintendo WIFI Max
    NVIDIA nForce Drivers
    NVIDIA System Utility
    Outerinfo
    Outerinfo
    QuickTime
    Rhapsody Player Engine
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905495)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924496)
    Spybot - Search & Destroy 1.2
    TargetSaver
    Update for Windows XP (KB835409)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Ventrilo Client
    Ventrilo Server
    VideoLAN VLC media player 0.8.2
    webHancer Customer Companion
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB835732
    Windows XP Hotfix - KB842773
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB911567
    Windows XP Hotfix - KB918439
    Windows XP Hotfix - KB918899
    Windows XP Hotfix - KB925486
    WinRAR archiver
    ZyDAS IEEE 802.11 b+g Wireless LAN - USB

     
  14. KotaGuy

    Print this out for reference during the fix as for part of it you will be in Safe Mode and unable to access this site.

    Click Start > Run, type in appwiz.cpl and hit Enter. From the list, uninstall the following:

    Command
    Network Monitor
    Outerinfo
    Outerinfo
    TargetSaver
    webHancer Customer Companion


    1. Please download AVG Anti-Spyware
    [*]Install AVG Anti-Spyware
    [*]Launch the program, there should be an icon on your desktop, double-click it.
    [*]The program will now open to the main screen.

    You will need to update AVG Anti-Spyware to the latest definition files.

    [*]On the left hand side of the main screen click update.
    [*]Then click on Start Update.
    [*]The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
    [*]Exit AVG Anti-Spyware, do not run the scan yet!

    2. Please download Brute Force Uninstaller to your desktop.
    [*]Right click the BFU folder on your desktop, and choose Extract All
    [*]Click "Next"
    [*]In the box to choose where to extract the files to,
    [*]Click "Browse"
    [*]Click on the + sign next to "My Computer"
    [*]Click on "Local Disk (C:)" or whatever your primary drive is
    [*]Click "Make New Folder"
    [*]Type in BFU
    [*]Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

    3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Do not do anything with these yet!

    Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

    4. Once in Safe Mode, open AVG Anti-Spyware:

    - Click on scanner
    - Click on Complete System Scan and the scan will begin.
    - AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
    - If you have any infections you will be prompted, then select "Apply all actions"
    - Next select the "Reports" icon at the top.
    - Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    - Close AVG Anti-Spyware

    5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.

    - Start the Brute Force Uninstaller by double-clicking BFU.exe
    - Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
    - Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
    - Wait for the complete script execution box to pop up and press OK.
    - Press exit to terminate the BFU program.

    Reboot into normal windows and post the contents of AVG Anti-Spyware text report that you saved and a new HiJackThis log.
     
    Last edited: Apr 9, 2007
  15. xirt

    When I click Remove when Command is highlighted it prompts me if I'm sure I want to remove it and I click yes. Then Firefox pops up with a new tab to this address http://command.adservs.com/uninstall.php. Is it safe to download the uninstaller?
     
  16. KotaGuy

    Actually... I'm not sure... I haven't heard of that happening. I would forego that step just to be safe. Some uninstallers install more junk on your system.

    Regardless... the BFU script I'm asking you to run will kill it off... or should anyways ;)
     
  17. xirt

    I had to do 2 scans because I messed up the first time because it didn't give me the option to "Apply all actions", and I figured it out the second time. So I'm going to post both reports if you don't mind.
    Sorry for the inconvenience :p.
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:55:22 AM 4/11/2007

    + Scan result:



    :mozilla.92:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
    :mozilla.93:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
    :mozilla.99:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
    :mozilla.47:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
    C:\Documents and Settings\MJ\Cookies\mj@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
    :mozilla.78:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
    :mozilla.79:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
    :mozilla.80:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
    :mozilla.81:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
    :mozilla.82:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
    :mozilla.83:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
    :mozilla.84:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
    :mozilla.63:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Cpvfeed : Ignored.
    :mozilla.64:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Cpvfeed : Ignored.
    :mozilla.65:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Cpvfeed : Ignored.
    :mozilla.66:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Cpvfeed : Ignored.
    C:\Documents and Settings\MJ\Cookies\mj@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Ignored.
    :mozilla.37:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
    C:\Documents and Settings\MJ\Cookies\mj@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
    :mozilla.46:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
    :mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\nb5m5uzj.default\cookies.txt -> TrackingCookie.Findwhat : Ignored.
    C:\Documents and Settings\MJ\Cookies\mj@ehg-ati.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
    C:\Documents and Settings\MJ\Cookies\mj@hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
    C:\Documents and Settings\MJ\Cookies\mj@mediaplex[2].txt -> TrackingCookie.Mediaplex : Ignored.
    :mozilla.88:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
    :mozilla.89:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
    :mozilla.90:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
    :mozilla.91:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
    :mozilla.85:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
    :mozilla.86:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
    C:\Documents and Settings\MJ\Cookies\mj@real[1].txt -> TrackingCookie.Real : Ignored.
    :mozilla.45:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Revsci : Ignored.
    :mozilla.94:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
    :mozilla.95:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
    :mozilla.96:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
    :mozilla.97:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
    :mozilla.98:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
    C:\Documents and Settings\MJ\Cookies\mj@m.webtrends[1].txt -> TrackingCookie.Webtrends : Ignored.
    :mozilla.18:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
    :mozilla.19:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
    :mozilla.20:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
    :mozilla.21:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
    :mozilla.22:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
    :mozilla.23:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
    C:\Documents and Settings\MJ\Cookies\mj@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored.
    :mozilla.43:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
    :mozilla.48:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
    :mozilla.49:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
    :mozilla.50:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
    :mozilla.51:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
    :mozilla.52:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP84\A0002541.exe -> Trojan.Small : Ignored.
    C:\WINDOWS\WGlydA\q35VxE.vbs -> Trojan.Small : Ignored.
    C:\WINDOWS\system32\wcpisvtr.exe -> Trojan.Small : Ignored.
    C:\WINDOWS\uninstall_nmon.vbs -> Trojan.Small : Ignored.
    C:\Documents and Settings\MJ\My Documents\My Received Files\GDCS_1.4MODDED.rar/GDCS.exe -> Worm.Mytob.bt : Ignored.
    D:\CSS stuff\CSS hack\GDCS.exe -> Worm.Mytob.bt : Ignored.


    ::Report end

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 6:07:39 PM 4/11/2007

    + Scan result:



    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP66\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP66\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP67\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP67\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP67\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP68\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP68\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP68\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP69\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP69\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP69\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP70\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP70\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP70\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP71\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP71\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP71\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP72\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP72\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP72\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP73\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP73\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP73\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP74\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP74\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP74\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP75\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP75\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP75\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP76\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP76\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP76\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP77\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP77\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP77\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP78\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP78\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP78\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP79\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP79\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP79\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP80\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP80\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP80\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP81\A0002315.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP81\A0002316.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP81\A0002317.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP81\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP81\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP81\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\WPQ34LE7\setar-101[1].0000 -> Adware.Yazzle : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0002693.exe -> Downloader.Age : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\svchosts.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    D:\Downloads\MSN Plus!\install.exe -> Downloader.Agent.bdr : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP45\A0001740.exe -> Downloader.Purity.dz : Cleaned with backup (quarantined).
    C:\Documents and Settings\MJ\Local Settings\Temp\b128.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
    C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\CP2BGXEF\128[1].net -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP84\A0002540.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
    C:\Documents and Settings\MJ\Local Settings\Temp\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\WPQ34LE7\104[1].net -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP84\A0002546.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0002695.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0002658.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
    C:\Documents and Settings\MJ\Local Settings\Temp\b103.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\CP2BGXEF\103[1].net -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP84\A0002545.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
    C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
    :mozilla.101:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.32:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.6:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.7:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.8:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
    :mozilla.44:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.53:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.54:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.55:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.56:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.100:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.87:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.92:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.93:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.99:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.47:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.78:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.79:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.80:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.81:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.82:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.83:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.84:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.63:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.64:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.65:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.66:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.37:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.46:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\nb5m5uzj.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@ehg-ati.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.88:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.89:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.90:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.91:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.85:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.86:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@real[1].txt -> TrackingCookie.Real : Cleaned.
    :mozilla.45:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.94:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.95:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.96:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.97:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.98:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.18:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.19:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.20:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.21:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.22:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.23:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\MJ\Cookies\mj@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.43:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.48:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.49:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.50:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.51:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.52:C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\y38ifnuo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP84\A0002541.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\WGlydA\q35VxE.vbs -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wcpisvtr.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\uninstall_nmon.vbs -> Trojan.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\MJ\My Documents\My Received Files\GDCS_1.4MODDED.rar/GDCS.exe -> Worm.Mytob.bt : Cleaned with backup (quarantined).
    D:\CSS stuff\CSS hack\GDCS.exe -> Worm.Mytob.bt : Cleaned with backup (quarantined).


    ::Report end

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:12:00 PM, on 4/11/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Ipwindows\ipwins.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    D:\Downloads\HiJackThis_v2.0.0.0.exe
    C:\WINDOWS\System32\WgaTray.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll (file missing)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O4 - HKCU\..\Run: [riuw] C:\PROGRA~1\COMMON~1\riuw\riuwm.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{242DAC21-0726-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe" te-110-12-0000282
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'Default user')
    O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176159801359
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 7087 bytes
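
A triage pass over HijackThis `O` lines, as an added example (not part of any post in this thread, and not HijackThis's own logic): it flags entries whose target file is gone and file names one character away from a core Windows process name, such as `svchosts.exe` next to `svchost.exe`. The `KNOWN_SYSTEM` list and all function names are assumptions of the example; the sample lines are copied from the log above.

```python
import re
from ntpath import basename  # Windows path rules, works on any host OS

# Core Windows process names to compare against. This short list is an
# assumption of the example, not something HijackThis ships.
KNOWN_SYSTEM = {"svchost.exe", "winlogon.exe", "csrss.exe", "smss.exe",
                "lsass.exe", "services.exe", "explorer.exe", "spoolsv.exe"}

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")           # "O23 - Service: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)\b', re.IGNORECASE)
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll (file missing)
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
"""


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # one substitution (or identical)
    return a[i:] == b[i + 1:]           # one extra character in b


def lookalike_of(filename):
    """Return the known system name that filename imitates, or None."""
    name = filename.lower()
    if name in KNOWN_SYSTEM:
        return None                     # exact match is the real name
    for known in sorted(KNOWN_SYSTEM):
        if within_one_edit(name, known):
            return known
    return None


def triage(log_text):
    """Return (section, reasons, line) for every O-entry worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue                    # header, process list, blank line
        section, body = entry.groups()
        reasons = []
        if MISSING_RE.search(body):
            reasons.append("target file missing")
        path = PATH_RE.search(body)
        if path:
            known = lookalike_of(basename(path.group(0)))
            if known:
                reasons.append("name resembles " + known)
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(section, "|", ", ".join(reasons), "|", line)
```

A hit is a reason to look closer, not a verdict: a "(file missing)" entry can simply be a leftover of an uninstalled program, and the name check says nothing about a correctly named file sitting in the wrong folder.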
     
  18. scorpNZ

    scorpNZ Active member

    Don't forget, when backing up data you could also be backing up the very same malware you're trying to repair: things like hidden viruses & malware that reside in software apps, mp3's, GIF's and any email attachments. Here's a few things that can alleviate any future problems; google them and decide:
    sandboxie
    MSVPC - Microsoft Virtual PC 2004 or 2007
    VMWARE

    Remember, after a full destructive reformat and not just a flimsy overwrite, the first thing needed to be activated is a firewall, then head straight to Microsoft Update and don't leave till the OS is fully patched. Next install antivirus software. Data that you saved should not be installed until tested OK, which could mean being used inside a virtual machine first.
     
    Last edited: Apr 11, 2007
  19. xirt

    xirt Member

    Alrighty thanks, but I'm just wondering if that Ipwins thing is still something I should worry about on the Hijackthis report.
     
  20. KotaGuy

    KotaGuy Regular member

    Print this out for reference during the fix as for part of it you will be in Safe Mode and unable to access this site.

    Run and scan with HijackThis and place checks beside the following:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll (file missing)
    O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{342DA~1\Bar888.dll (file missing)
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O4 - HKCU\..\Run: [riuw] C:\PROGRA~1\COMMON~1\riuw\riuwm.exe
    O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)


    Close all open browsers/windows and click the Fix button.

    Click Start>Run type in cmd and hit Enter. From the command prompt type in:

    sc delete "Client IP-IPX"

    And hit Enter. Exit the command console.

    Boot into Safe Mode.

    Search for and delete the following Folders:

    C:\Program Files\Ipwindows
    C:\PROGRA~1\COMMON~1\riuw

    Search for and delete the following File:

    C:\WINDOWS\System32\svchosts.exe

    NOTE: Do NOT delete C:\WINDOWS\System32\svchost.exe. That is a valid file. Delete only C:\WINDOWS\System32\svchosts.exe

    Empty your Recycle Bin.

    Reboot Windows normally.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky.
    Click Yes.

    [*]The program will launch and then begin downloading the latest definition files:
    [*]Once the files have been downloaded click on NEXT
    [*]Now click on Scan Settings
    [*]In the scan settings make sure that the following are selected:

    [*]Scan using the following Anti-Virus database:

    Extended (if available otherwise Standard)

    [*]Scan Options:

    Scan Archives
    Scan Mail Bases

    [*]Click OK
    [*]Now under select a target to scan:

    Select My Computer

    [*]The program will start and scan your system.
    [*]The scan will take a while so be patient and let it run.
    [*]Once the scan is complete it will display if your system has been infected.
    [*]Now click on the Save as Text button:
    [*]Save the file to your desktop.

    Copy/paste the contents of the file in your next reply along with a new HijackThis log please.
     
    Last edited: Apr 11, 2007
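
The checks applied by hand in the post above (entries marked "(file missing)", services with "Unknown owner", and the svchosts.exe / svchost.exe lookalike), as an added Python example that is not part of the original posts or of HijackThis. The `KNOWN_SYSTEM` allow-list and the function names are assumptions; the log lines are copied from the reports in this thread, and a flag means "review this entry", not "malicious".

```python
import re
from pathlib import PureWindowsPath

# Assumed allow-list of genuine Windows binary names; extend for real use.
KNOWN_SYSTEM = {"svchost.exe", "winlogon.exe", "csrss.exe", "smss.exe",
                "explorer.exe", "rundll32.exe", "lsass.exe", "services.exe"}

# Entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# section id, free-text description, file path, optional "(file missing)" marker
LINE_RE = re.compile(
    r"^(O\d+) - (.*?)(\S:\\.*?\.(?:exe|dll))\s*(\(file missing\))?\s*$", re.I)

def one_edit_apart(a, b):
    """True if a != b and a single insert, delete or substitution maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character (in both strings if lengths are equal).
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def triage(log):
    """Return {path: [reasons]} for entries that deserve a manual look."""
    findings = {}
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, desc, path, missing = m.groups()
        name = PureWindowsPath(path).name.lower()
        reasons = ["file missing"] if missing else []
        if section == "O23" and "Unknown owner" in desc:
            reasons.append("unknown owner")
        reasons += [f"name resembles {real}" for real in sorted(KNOWN_SYSTEM)
                    if one_edit_apart(name, real)]
        if reasons:
            findings[path] = reasons
    return findings
```

"Unknown owner" on its own is a weak signal (the ATI Smart entry is flagged but was not selected for removal in the thread); the combination of all three reasons on one entry is what stands out.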
