Viruses, Spyware and...

Viruses, Spyware and other Nasties RSS

spyware sucks

Last »

•

Join Date: Oct 2005

Posts: 14

Reputation: superdairyboy is an unknown quantity at this point

Solved Threads: 0

superdairyboy superdairyboy is offline

Offline

Newbie Poster

spyware sucks

Oct 25th, 2005

I see the sticky post from CSCGAL concerning hijack logs to be posted in the security forum and not the windows form, But I can not find the security forum. so here goes and if it gets moved hopefully I can find it.
Got hit tonight with several spyware things installing on the ole computer. Was able to clean just about all of them off. I even got that yupsearch bar off. But Still seem to be getting some pop ups and (not sure what the tech term is) text that is highlighted as links that would normally not be on web pages.
Here is a copy of my Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 3:16:01 AM, on 10/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\qekjynq.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\WINDOWS\upmoioj.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Aw2000\AW2000.exe
C:\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ups.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nsa4D1.dll
O2 - BHO: (no name) - {92617934-9abc-def0-0fed-fad48c654321} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [upmoioj] C:\WINDOWS\upmoioj.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.in...lInstaller.exe
O16 - DPF: {5E0BD5F5-FF74-4436-BEBB-9B62298E2DD4} (Textinput Class) - http://www.aceflex.com/demos/aceflex...ex/htmlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1125539404776
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125539349326
O16 - DPF: {7F78DCB6-5480-4268-A079-E6F6E6A1D4B5} (Utils Class) - http://www.aceflex.com/demos/aceflex...merceTools.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/ji...ndows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGFpcnlib3kA\command.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qekjynq.exe

Thanks
Brian

•

Join Date: Jul 2005

Posts: 642

Reputation: swatkat is an unknown quantity at this point

Solved Threads: 50

swatkat

Offline

Small Town Boy

Re: spyware sucks

Oct 25th, 2005

Hi,
Download Ewido and install it. Then run, you will receive a warning message saying "Database not found", click "OK" for this. Next in the main screen, click "Update" and click "Start Update".
After the update process, click on the "Scanner" button in the left menu, then click on the "Complete System Scan" button.
If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file.

After scanning with Ewido, run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Ewido log.

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.

•

Join Date: Oct 2005

Posts: 14

Reputation: superdairyboy is an unknown quantity at this point

Solved Threads: 0

superdairyboy superdairyboy is offline

Offline

Newbie Poster

Re: spyware sucks

Oct 25th, 2005

Here is the ewido Log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:11:00 PM, 10/25/2005
+ Report-Checksum: E4345CD6

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
C:\Aw2000\Attachments\pword_change.zip/PW_Klass.Pic.packed-bitmap.exe -> Worm.Sober.s : Error during cleaning
C:\Aw2000\Attachments\pword_change1.zip/PW_Klass.Pic.packed-bitmap.exe -> Worm.Sober.s : Error during cleaning
C:\Aw2000\Attachments\pword_change2.zip/PW_Klass.Pic.packed-bitmap.exe -> Worm.Sober.s : Error during cleaning
:mozilla.14:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.22:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.44:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.45:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.46:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.56:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.57:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.58:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.59:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.60:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
:mozilla.61:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.62:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.63:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.72:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.36:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.42:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.60:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.63:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.72:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.73:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.75:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.76:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.77:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.6:C:\Documents and Settings\dairyboy\Application Data\Phoenix\Profiles\default\doankfgq.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\dairyboy\Application Data\Phoenix\Profiles\default\doankfgq.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.13:C:\Documents and Settings\dairyboy\Application Data\Phoenix\Profiles\default\doankfgq.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.14:C:\Documents and Settings\dairyboy\Application Data\Phoenix\Profiles\default\doankfgq.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.15:C:\Documents and Settings\dairyboy\Application Data\Phoenix\Profiles\default\doankfgq.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjk4oiczklow-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjkokncjmhpa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjkooocpaapq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjkoukc5sgoa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjkyoicpsbqa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjlyakdjmhpg-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjlyggcpghpw-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjmionajceoq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjmiqidjmhqq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1gdpofogqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1sazkfpa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuhdzofpw-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjnywmdjckpq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@100hot[1].txt -> Spyware.Cookie.100hot : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@1shz2prbmdj6wvny-1sez2pra2dj6wjny-1odzolqa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wfkiuocjehpq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjlokjazolog-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1gazocpwwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1jczkdqamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1lajsgogudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1oazgdowsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnyajajogpg-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnychdpmhoa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnycjdjifoa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnyohc5cgpg-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuodzckpg-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@adorigin[1].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@cnn.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@com[3].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@content.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4agc5iho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4kidpwdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4kmczcco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4ogc5cko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4sidzsho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4skczceq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4wkczedo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkiagcpcdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkiahdzikq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkiaodziko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkikmajelp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkiokc5ieq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkionazekq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkismajkfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkiwmajchq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkochcpggq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkoepdpafo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkogocpmgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkokidjglo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkokidpkhq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkoklazieo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkoohc5kcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkoqlc5kfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkoslczifp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkosodpcao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkyehdjeep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkyggc5gko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkyghd5sco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkyqgdzecp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkyspczeho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfliahcpkhq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wflicndjahp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfliejcjieo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wflikjd5ecp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfliolcpcbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfliqoazadq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wflisicpiep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfliujdjgdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wflogncjmbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wflyukcjwlp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wflywnajobo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfmiojajskp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfmiulcjmlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfmygidjafo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wgkicndzclp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wgkiepd5ghp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wgkykidpwao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4akdpwfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4cgajcep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4ghazkcq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4gmcjmhq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4khd5gao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4kkczgkq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4ohczakp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4omazmap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4opajikq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4siajaao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoaiczgfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoakajglo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoaocjofp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkocjcjafq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoenazgap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoencpwbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoepcjohp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoepdpibq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkokndjmfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkokndzkbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoonc5ido.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkooocjwco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoqhd5mbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoukdpsap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoupdzklp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkowgc5klo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkowidjwlp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkowmcjmgq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkowndzebo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyahc5mho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyakazadp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyaod5wfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkychdpkap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyckcjacp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyclczkhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyehcpmap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyehdzchq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyeocjgfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkygidpcho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykhcpcdp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykhcpkco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykkajcaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykncpsco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykoczcgq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykpd5kco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykpdpskp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyohajodo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyoiczeao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyqidjgcq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyqncpwbq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyqpajmeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyumd5eep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyuoajmbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyuodpiho.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4amcjwdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4gndzklp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4kgcjkaq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4olcpebq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4onazmao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4qic5wgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4siczegp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4uhcjsdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4uiajicp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4undzsgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4whcjieo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4wmdzohp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjliahd5adq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjliakcjiap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlichczslo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlicmdjakp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlicpcpkep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjligjcjwho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlikpczsaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjliold5eep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjliqldzwhq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlisjd5wko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlisndzwaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjliwjcjgcq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloaiczibo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlococjmfp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloepazeeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloghajgdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlogkdjwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlogmcpwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlogndjwap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlokoc5kcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlooiczolo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloojd5cao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloomdpghp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlosocpmgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloulcjoep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlouncpiko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloupd5oap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlowldjiaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlowpd5ifo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyapd5gcp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlycod5wco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlycpajedo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyghdpcgo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlygiajohp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlygpdjgfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlykkdjgap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlykldjoco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyqkc5abo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyqndjkgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyqoczkhq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyshajeco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlysjdpiep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlysmcpobo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyspdpwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyuidzocp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyukc5iao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlywpd5cfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmichazodq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmicpazklo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmiepczakp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmigpajkfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmigpajolp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmikicpkdp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmikmd5wgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmiomc5sbp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmisjcjmeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmismd5wco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmisnazkcp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmiunajwco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmiwmcpsgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmyahdjmeq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmycnajwgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmyknajwgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmyogczwlp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmyomdzsco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmyqod5aho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmyqodzaao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmywlajeeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1gcpob.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1ic5ag.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1icjmf.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1id5wg.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1kazcc.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1nc5ab.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1sajce.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1sdjef.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1sdzsg.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyajcjacp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyakazwfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyamajkbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnychd5kfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnychdpmho.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyckd5kcq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnycnajmhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnycndzoho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyekd5ecp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyelczmho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyeoajscq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyepdjsep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnygoazwhq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyogcpmlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyoiajkdq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyoiczkbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyoidjcep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyoldjifo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyond5sao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyqgc5wgo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyqgdzweo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyqkazsko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyqkc5mho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyqocpkhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyqpcjkhq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyshazsbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnysidjwao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnysjdjsko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyskazebo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyukazoap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyumazocp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyuodzckp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnywidjkgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@powellsbooks.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4epd5kdpqidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4ugc5kaog6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiamdzefqamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiapajslogwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiggcpmlqqmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkigjczagog2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkigpajggpqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiooazelqawdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiopdjoloaydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiqjdjefpa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiqoc5egogidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiuod5olpgydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiwgcpegpwwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkoendjokpgwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkokmc5gepg6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkosldpedowsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkowjczoepaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyamdjkdqqwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkychczcfpwsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyehdpkkoaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkykjd5seoaqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wflighajslpw6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wflioodzcbqqsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wflokpd5cfpaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4alcjelpgsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4aldjcepgwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4aoajweowmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4chdzwfqa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4cndjsbpw2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4kidjibpq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4kldjiloasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4okd5aboqwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4qkdzedowsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4sjczwaqqwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4whd5alpgidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoakcjcboq2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkochdzmcowudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkockdpibpgudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkocnajoeoaqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoegczkkpqsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkokhdjgcpqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkokjcjoaoq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoopajiboa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoqidjkfqaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkosidzweoasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkosnc5ecpgsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkounc5kkoqudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkouodpkfoaudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkouodzmcpwqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkowocjglogmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyajcpobowudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyaldpefpwydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyandjalpwqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkycgdpmkogidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkychdzcaoa2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyckdpgkoq2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyekcjmapqmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyenczkkoaydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyggd5ifoawdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyghczgdowmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkygpczsdpaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkygpd5akoaydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkygpd5kdoqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkykldzclow6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyopcpkbqawdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyqjc5ckqqwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyqkcjcaogudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyqncpwbqasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkysjajkeoqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyslcpokpgydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkysmazshpaudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkysmczcapasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkysnajmkpwsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyspdjscpqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyuiazclog6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyujdpebogudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4aic5mbpwudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4gmczweogudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4ooc5wkowidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4ukdjohowydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4wgajocpwqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4whcjieogudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliahc5mgqqqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlieiazifoqqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliejdjeapaudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjligoazicoqmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliklcpwkqqidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlikmc5gepawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlioidpckoq2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliqjdzwfowmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlochazidpqwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlockcpekoa2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlocnazihqaudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloejcjaapgudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloeldzwcpamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloglcpakqaydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlokpczakowudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloojcpigog6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloojczehpqudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloojdpslpqwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlooncjiapgqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyamczghqaydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyaoajwaqqmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyaodpkdqaydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlycidjgbow2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyckcjoeoqsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlycncjefpwydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyelc5igpqqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyend5ckpg2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyeocpckpwwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlygjc5ifoaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlykhczsaow2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlykldjocoqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlykmcpccogydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyoiczwepaudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyokcpscpgwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyolcpkcqq2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlysjc5elogydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyskd5ihpq2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyunajmkogydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlywoc5afogsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmickdzihoaudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmicpazklow2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmisjc5iapqidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmislc5ibpqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiuhcpohpwwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiwhdjkhpaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiwicjilpgidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiwpcjklqamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyapdpckpwsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyeoczehogudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmygpazskpa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmykmcjkfqq2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyqjdjkkpgsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmysjcjaapwwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyskc5kcoqsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmysndzohpasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyspcjggqaudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmywkdjccpa2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyajcpkhogqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyandzcdowmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyckajkfqaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyckd5gfqqwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycnazkbog6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycpd5ckpgqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyejajghpq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyejd5ohpwsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyghdjwcpgwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygiczalpamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygnc5gdogsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygpcpcboaudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyohdjidqqidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyoiajieoqqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyoiajkdqamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyoidjedpq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyokczmdoasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyolc5okpg6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyoldjifog6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyoldzocogudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyomazwloamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyondjmlpasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyopdzkaoamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqgdzweogmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqhajoepq2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqhczwgowqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqnc5seoaqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqncpklpg6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqpdpsgpg6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqpdpwbowydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnysidzeeqasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyspdpigowwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuhazaaqqudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuncjeeowqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuncpebowidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuoajicpwsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywgazgaoqwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywgczckpqwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywkd5cdqaydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\1180162_148252_1032_148416_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\131322_2264_1076_3372_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\131654_6796_984_6884_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\197558_4676_984_11348_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\327960_2072_984_16436_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\328526_4676_984_19540_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\393650_1800_1032_152240_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\524864_27672_576_27756_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\65934_4676_984_5948_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\66186_2072_984_7332_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\66386_7900_984_8008_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Cookies\dairyboy@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Cookies\dairyboy@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Cookies\dairyboy@buycom.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Cookies\dairyboy@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Cookies\dairyboy@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Cookies\dairyboy@e-2dj6wjkyglcjiao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Cookies\dairyboy@e-2dj6wjkyuncpceo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Cookies\dairyboy@e-2dj6wjnychdpmho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Cookies\dairyboy@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Cookies\dairyboy@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Cookies\dairyboy@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Cookies\dairyboy@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\k_60CF.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\k_7D4D.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\k_8F31.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\k_9FEB.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\k_A8DB.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Temporary Internet Files\Content.IE5\294JQDC5\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temp\Temporary Internet Files\Content.IE5\SPMN6ZG1\trk_0031[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temporary Internet Files\Content.IE5\156G5OV2\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\dairyboy\Local Settings\Temporary Internet Files\Content.IE5\X0KRD54T\drsmartload_js[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\71ABC7D1-426D-4738-9BF8-99A6E6\C545D4B7-5878-4984-83EC-697B71 -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\system32\AOP2.exe -> Trojan.Crypt.t : Cleaned with backup
C:\WINDOWS\system32\MTE2ODM6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINDOWS\system32\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\WINDOWS\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINDOWS\Temp\k_21E.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\WINDOWS\Temp\k_938B.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\WINDOWS\Temp\k_B24.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\WINDOWS\Temp\k_F2EA.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\WINDOWS\ZGFpcnlib3kA\asappsrv.dll -> Spyware.CommAd : Cleaned with backup

::Report End

Here is the Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 6:12:36 PM, on 10/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\qekjynq.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\WINDOWS\upmoioj.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\devldr32.exe
C:\Aw2000\AW2000.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\DivX\DivX Player\DivX Player.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\cuteftppro.exe
C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ups.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nsa4D1.dll
O2 - BHO: (no name) - {92617934-9abc-def0-0fed-fad48c654321} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [upmoioj] C:\WINDOWS\upmoioj.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.in...lInstaller.exe
O16 - DPF: {5E0BD5F5-FF74-4436-BEBB-9B62298E2DD4} (Textinput Class) - http://www.aceflex.com/demos/aceflex...ex/htmlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1125539404776
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125539349326
O16 - DPF: {7F78DCB6-5480-4268-A079-E6F6E6A1D4B5} (Utils Class) - http://www.aceflex.com/demos/aceflex...merceTools.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/ji...ndows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGFpcnlib3kA\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qekjynq.exe

•

Join Date: Jul 2005

Posts: 642

Reputation: swatkat is an unknown quantity at this point

Solved Threads: 50

swatkat

Offline

Small Town Boy

Re: spyware sucks

Oct 26th, 2005

Hi,
Download CleanUp and install it. Do not run it now.

Make Windows to show all files:-
Go to Start > My Computer.
Go to Tools menu, click Folder Options.
Uncheck Hide protected operating system files.
Then, click to select the option Show hidden files and folders.
Click Apply and then click OK to exit.

Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that will be displayed, out of which choose Safe Mode and press Enter.

Go to Start > Run and type services.msc and press ENTER. Here, navigate to the service named Command Service (cmdService) and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK".

Do the same process (of stopping and disabling) for this Service too:-
Windows Overlay Components

Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nsa4D1.dll
O2 - BHO: (no name) - {92617934-9abc-def0-0fed-fad48c654321} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [upmoioj] C:\WINDOWS\upmoioj.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGFpcnlib3kA\command.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qekjynq.exe

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.

Exit from HijackThis. Delete these files:-
C:\Aw2000\Attachments\pword_change.zip
C:\WINDOWS\qekjynq.exe
C:\WINDOWS\upmoioj.exe
C:\WINDOWS\ZGFpcnlib3kA\command.exe

Run CleanUp! and click "Options.." button. Here move the "Quick Setup" slider to "Thorough Cleanup" position. Uncheck the option "Delete Favorites Palces/Bookmarks", if you have any bookmarks. Click "OK" to return to main window, and click "CleanUp!" to start cleaning. After it completes, click "Close" and click "No" to avoid logging off.

Reboot to Normal Mode. Perform an online virus scan at Panda ActiveScan with the "Disinfection" option enabled. Save the log it gives after the scan.

Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Panda ActiveScan log.

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.

•

Join Date: Oct 2005

Posts: 14

Reputation: superdairyboy is an unknown quantity at this point

Solved Threads: 0

superdairyboy superdairyboy is offline

Offline

Newbie Poster

Re: spyware sucks

Oct 28th, 2005

HI

Great looks like we got rid of the linking spyware. not sure about the pop up ad one as I have not seen any pop up ads yet.

You instructed me to:
Go to Start > Run and type services.msc and press ENTER. Here, navigate to the service named Command Service (cmdService) and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK".

Do the same process (of stopping and disabling) for this Service too:-
Windows Overlay Components

These were both already Stopped.

There were 3 entries that you told me to check in HijackThis while in safe mode, but they were not there. they are listed below.

O4 - HKLM\..\Run: [upmoioj] C:\WINDOWS\upmoioj.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGFpcnlib3kA\command.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qekjynq.exe

I do not see any of these entries in the current HijackThis Scan Either

While in Safe mode I could NOT find and delete the following files.

C:\WINDOWS\qekjynq.exe
C:\WINDOWS\upmoioj.exe
C:\WINDOWS\ZGFpcnlib3kA\command.exe

I do not find any of these files on my computer currently Either

Ok here is the Hijack This Log.

Logfile of HijackThis v1.99.1
Scan saved at 7:40:38 AM, on 10/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\uqytooc.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ups.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [uqytooc] C:\WINDOWS\uqytooc.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.in...lInstaller.exe
O16 - DPF: {5E0BD5F5-FF74-4436-BEBB-9B62298E2DD4} (Textinput Class) - http://www.aceflex.com/demos/aceflex...ex/htmlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1125539404776
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125539349326
O16 - DPF: {7F78DCB6-5480-4268-A079-E6F6E6A1D4B5} (Utils Class) - http://www.aceflex.com/demos/aceflex...merceTools.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/ji...ndows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

And here is the Panda Log

Incident Status Location

Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\91EF639A-6E59-4350-9437-974A0D\D2DD665D-F582-441E-893F-D924AB

It found no viruses just a Spyware.

Looks like we killed all the Spyware. Have not gotten any popups.

Also Should I go back an Hide the protected windows files and the start the Command Service & Windows Overlay Components?

Brian

•

Join Date: Jul 2005

Posts: 642

Reputation: swatkat is an unknown quantity at this point

Solved Threads: 50

swatkat

Offline

Small Town Boy

Re: spyware sucks

Oct 28th, 2005

Hi,
Still some "bad" thing is present there! This file -> C:\WINDOWS\uqytooc.exe , should not be there.

We have to remove these things manually. Download WinPFind.ZIP and completely extract it to a folder. Then run WinPFind.exe and click "Start Scan". When the scan completes, click "Copy to Clipboard" button to copy the log it gives, and please post it here.

BTW, do not start those Services again, they are related to viruses.

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.

•

Join Date: Oct 2005

Posts: 14

Reputation: superdairyboy is an unknown quantity at this point

Solved Threads: 0

superdairyboy superdairyboy is offline

Offline

Newbie Poster

Re: spyware sucks

Oct 28th, 2005

Here is the log from Widfind

Brian

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX! 10/24/2005 10:27:54 PM 150016 C:\WINDOWS\SYSTEM32\202_app13.exe
PEC2 8/23/2001 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 6/9/2005 4:32:28 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 6/9/2005 4:32:28 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 10/20/2005 8:53:16 PM 67584 C:\WINDOWS\SYSTEM32\nsa4D1.dll
Umonitor 8/29/2002 6:41:10 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/23/2001 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/28/2005 5:34:20 PM S 2048 C:\WINDOWS\bootstat.dat
10/28/2005 5:45:24 PM H 24 C:\WINDOWS\prK7N
10/18/2005 3:05:40 AM H 54156 C:\WINDOWS\QTFont.qfn
8/31/2005 9:51:28 PM H 0 C:\WINDOWS\inf\oem29.inf
8/31/2005 11:12:10 PM RHS 70111 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_5.cab
8/31/2005 11:12:12 PM RHS 27774 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_6.cab
10/28/2005 5:34:48 PM H 1024 C:\WINDOWS\system32\config\default.LOG
10/28/2005 5:34:22 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
10/28/2005 5:34:48 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
10/28/2005 5:44:56 PM H 1024 C:\WINDOWS\system32\config\software.LOG
10/28/2005 5:35:50 PM H 1024 C:\WINDOWS\system32\config\system.LOG
8/31/2005 10:20:56 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
10/28/2005 4:08:02 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C9U7CDMB\desktop.ini
10/28/2005 4:08:02 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1YR4PYZ\desktop.ini
10/28/2005 4:08:02 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OH8FY5E5\desktop.ini
10/28/2005 4:08:02 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OTQVCLYF\desktop.ini
9/1/2005 12:16:22 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f28efdac-cc03-4d83-8d61-9a56270caf3d
9/1/2005 12:16:22 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
10/28/2005 5:34:24 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
8/19/2003 3:20:04 AM 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/12/1999 6:11:00 AM 183808 C:\WINDOWS\SYSTEM32\BDEADMIN.CPL
Microsoft Corporation 8/29/2002 6:41:28 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 4/22/2005 6:41:40 PM 49262 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 2/20/2003 5:39:50 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 7:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 2/20/2003 5:39:50 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/27/2005 9:30:48 PM 793 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
11/27/2004 5:55:02 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
6/22/2005 2:58:08 PM 1216 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 900 series) - 1.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/27/2004 8:51:10 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
6/12/2005 1:58:28 PM 6655 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2/9/2005 9:52:26 PM 157 C:\Documents and Settings\All Users\Application Data\PMUSERS.DAT
2/27/2004 12:08:42 PM 0 C:\Documents and Settings\All Users\Application Data\REGISTRY.INI

Checking files in %USERPROFILE%\Startup folder...
11/27/2004 5:55:02 PM HS 84 C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
11/27/2004 8:51:10 AM HS 62 C:\Documents and Settings\dairyboy\Application Data\desktop.ini
11/19/2004 3:12:52 AM 6099 C:\Documents and Settings\dairyboy\Application Data\dw.log
10/29/2004 6:30:04 PM 47888 C:\Documents and Settings\dairyboy\Application Data\GDIPFONTCACHEV1.DAT
1/2/2005 8:17:02 PM 83 C:\Documents and Settings\dairyboy\Application Data\sversion.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
acc=ventura5 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Library
{54F51408-DD44-4a12-82EF-519AD2A80DE9} = C:\Program Files\ATI Multimedia\mlibrary\MLShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{44226DFF-747E-4edc-B30C-78752E50CD0C}
ButtonText = ATI TV :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
ButtonText = @shdoclc.dll,-866 :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0\bin\jusched.exe
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
PinnacleDriverCheck C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
uqytooc C:\WINDOWS\uqytooc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

ATI DeviceDetect C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
ATI Remote Control C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
item ATI CATALYST System Tray
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
item ATI CATALYST System Tray

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup C:\WINDOWS\pss\Billminder.lnkCommon Startup
location Common Startup
command C:\QUICKENW\BILLMIND.EXE -startup
item Billminder
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup C:\WINDOWS\pss\Billminder.lnkCommon Startup
location Common Startup
command C:\QUICKENW\BILLMIND.EXE -startup
item Billminder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item Event Reminder
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item Event Reminder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetShow PowerPoint Helper.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetShow PowerPoint Helper.lnk
backup C:\WINDOWS\pss\NetShow PowerPoint Helper.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\NETSHO~1\Tools\nsppthlp.exe
item NetShow PowerPoint Helper
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetShow PowerPoint Helper.lnk
backup C:\WINDOWS\pss\NetShow PowerPoint Helper.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\NETSHO~1\Tools\nsppthlp.exe
item NetShow PowerPoint Helper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location Common Startup
command C:\QUICKENW\QWDLLS.EXE
item Quicken Startup
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location Common Startup
command C:\QUICKENW\QWDLLS.EXE
item Quicken Startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^Event Reminder.lnk
path C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Event Reminder.lnk
backup C:\WINDOWS\pss\Event Reminder.lnkStartup
location Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item Event Reminder
path C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Event Reminder.lnk
backup C:\WINDOWS\pss\Event Reminder.lnkStartup
location Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item Event Reminder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^Kodak EasyShare software.lnk
path C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup C:\WINDOWS\pss\Kodak EasyShare software.lnkStartup
location Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item Kodak EasyShare software
path C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup C:\WINDOWS\pss\Kodak EasyShare software.lnkStartup
location Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item Kodak EasyShare software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk
path C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup
location Startup
command C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE
item OpenOffice.org 1.1.4
path C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup
location Startup
command C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE
item OpenOffice.org 1.1.4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATI Launchpad
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item launchpd
hkey HKCU
command "C:\Program Files\ATI Multimedia\main\launchpd.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item launchpd
hkey HKCU
command "C:\Program Files\ATI Multimedia\main\launchpd.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/28/2005 5:45:47 PM

•

Join Date: Jul 2005

Posts: 642

Reputation: swatkat is an unknown quantity at this point

Solved Threads: 50

swatkat

Offline

Small Town Boy

Re: spyware sucks

Oct 29th, 2005

Hi,
Open an empty file in NotePad and copy the contents of the below "Quote" box:

•

cd %windir%
cd SYSTEM32
attrib -s -r -h nsa4D1.dll
del nsa4D1.dll
attrib -s -r -h 202_app13.exe
del 202_app13.exe
cd %windir%
attrib -s -r -h uqytooc.exe
del uqytooc.exe
attrib -s -r -h prK7N
del prK7N

Go to File Menu (in NotePad) > Save AS and type the filename as Test.BAT and save the file.

Boot the PC in safe mode.

Double-click on the Test.BAT file, a DOS type window should open and close by itself.

Run HijackThis and select the below entry and click "Fix Checked" to remove it:-
O4 - HKLM\..\Run: [uqytooc] C:\WINDOWS\uqytooc.exe

Reboot the PC to normal mode and please post a new HijackThis and WinPFind log.

Also, post back whether you receive pop-ups while browsing Internet?

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.

•

Join Date: Oct 2005

Posts: 14

Reputation: superdairyboy is an unknown quantity at this point

Solved Threads: 0

superdairyboy superdairyboy is offline

Offline

Newbie Poster

Re: spyware sucks

Oct 29th, 2005

Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 10:06:55 AM, on 10/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Aw2000\AW2000.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\My Documents\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ups.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.in...lInstaller.exe
O16 - DPF: {5E0BD5F5-FF74-4436-BEBB-9B62298E2DD4} (Textinput Class) - http://www.aceflex.com/demos/aceflex...ex/htmlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1125539404776
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125539349326
O16 - DPF: {7F78DCB6-5480-4268-A079-E6F6E6A1D4B5} (Utils Class) - http://www.aceflex.com/demos/aceflex...merceTools.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/ji...ndows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Winpscan Log

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/23/2001 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 6/9/2005 4:32:28 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 6/9/2005 4:32:28 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 8/29/2002 6:41:10 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/23/2001 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/29/2005 10:04:38 AM S 2048 C:\WINDOWS\bootstat.dat
10/29/2005 10:21:10 AM H 24 C:\WINDOWS\prK7N
10/18/2005 3:05:40 AM H 54156 C:\WINDOWS\QTFont.qfn
8/31/2005 9:51:28 PM H 0 C:\WINDOWS\inf\oem29.inf
8/31/2005 11:12:10 PM RHS 70111 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_5.cab
8/31/2005 11:12:12 PM RHS 27774 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_6.cab
10/29/2005 10:05:28 AM H 1024 C:\WINDOWS\system32\config\default.LOG
10/29/2005 10:04:42 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
10/29/2005 10:05:28 AM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
10/29/2005 10:21:00 AM H 1024 C:\WINDOWS\system32\config\software.LOG
10/29/2005 10:05:44 AM H 1024 C:\WINDOWS\system32\config\system.LOG
8/31/2005 10:20:56 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
10/28/2005 4:08:02 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C9U7CDMB\desktop.ini
10/28/2005 4:08:02 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1YR4PYZ\desktop.ini
10/28/2005 4:08:02 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OH8FY5E5\desktop.ini
10/28/2005 4:08:02 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OTQVCLYF\desktop.ini
9/1/2005 12:16:22 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f28efdac-cc03-4d83-8d61-9a56270caf3d
9/1/2005 12:16:22 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
10/29/2005 10:04:40 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
8/19/2003 3:20:04 AM 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/12/1999 6:11:00 AM 183808 C:\WINDOWS\SYSTEM32\BDEADMIN.CPL
Microsoft Corporation 8/29/2002 6:41:28 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 4/22/2005 6:41:40 PM 49262 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 2/20/2003 5:39:50 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 7:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 2/20/2003 5:39:50 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/27/2005 9:30:48 PM 793 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
11/27/2004 5:55:02 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
6/22/2005 2:58:08 PM 1216 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 900 series) - 1.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/27/2004 8:51:10 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
6/12/2005 1:58:28 PM 6655 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2/9/2005 9:52:26 PM 157 C:\Documents and Settings\All Users\Application Data\PMUSERS.DAT
2/27/2004 12:08:42 PM 0 C:\Documents and Settings\All Users\Application Data\REGISTRY.INI

Checking files in %USERPROFILE%\Startup folder...
11/27/2004 5:55:02 PM HS 84 C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
11/27/2004 8:51:10 AM HS 62 C:\Documents and Settings\dairyboy\Application Data\desktop.ini
11/19/2004 3:12:52 AM 6099 C:\Documents and Settings\dairyboy\Application Data\dw.log
10/29/2004 6:30:04 PM 47888 C:\Documents and Settings\dairyboy\Application Data\GDIPFONTCACHEV1.DAT
1/2/2005 8:17:02 PM 83 C:\Documents and Settings\dairyboy\Application Data\sversion.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
acc=ventura5 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Library
{54F51408-DD44-4a12-82EF-519AD2A80DE9} = C:\Program Files\ATI Multimedia\mlibrary\MLShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{44226DFF-747E-4edc-B30C-78752E50CD0C}
ButtonText = ATI TV :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
ButtonText = @shdoclc.dll,-866 :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0\bin\jusched.exe
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
PinnacleDriverCheck C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

ATI DeviceDetect C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
ATI Remote Control C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
item ATI CATALYST System Tray
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
item ATI CATALYST System Tray

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup C:\WINDOWS\pss\Billminder.lnkCommon Startup
location Common Startup
command C:\QUICKENW\BILLMIND.EXE -startup
item Billminder
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup C:\WINDOWS\pss\Billminder.lnkCommon Startup
location Common Startup
command C:\QUICKENW\BILLMIND.EXE -startup
item Billminder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item Event Reminder
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item Event Reminder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetShow PowerPoint Helper.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetShow PowerPoint Helper.lnk
backup C:\WINDOWS\pss\NetShow PowerPoint Helper.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\NETSHO~1\Tools\nsppthlp.exe
item NetShow PowerPoint Helper
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetShow PowerPoint Helper.lnk
backup C:\WINDOWS\pss\NetShow PowerPoint Helper.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\NETSHO~1\Tools\nsppthlp.exe
item NetShow PowerPoint Helper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location Common Startup
command C:\QUICKENW\QWDLLS.EXE
item Quicken Startup
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location Common Startup
command C:\QUICKENW\QWDLLS.EXE
item Quicken Startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^Event Reminder.lnk
path C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Event Reminder.lnk
backup C:\WINDOWS\pss\Event Reminder.lnkStartup
location Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item Event Reminder
path C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Event Reminder.lnk
backup C:\WINDOWS\pss\Event Reminder.lnkStartup
location Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item Event Reminder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^Kodak EasyShare software.lnk
path C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup C:\WINDOWS\pss\Kodak EasyShare software.lnkStartup
location Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item Kodak EasyShare software
path C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup C:\WINDOWS\pss\Kodak EasyShare software.lnkStartup
location Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item Kodak EasyShare software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk
path C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup
location Startup
command C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE
item OpenOffice.org 1.1.4
path C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup
location Startup
command C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE
item OpenOffice.org 1.1.4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATI Launchpad
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item launchpd
hkey HKCU
command "C:\Program Files\ATI Multimedia\main\launchpd.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item launchpd
hkey HKCU
command "C:\Program Files\ATI Multimedia\main\launchpd.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/29/2005 10:21:46 AM

Seems Like the Pop ups are Gone. We have also Been Experiencing the "BLUE SCREEN" IRQ errors. I assume it was from the spyware. We will find out if they are gone also.

Brian

•

Join Date: Jul 2005

Posts: 642

Reputation: swatkat is an unknown quantity at this point

Solved Threads: 50

swatkat

Offline

Small Town Boy

Re: spyware sucks

#10

Oct 29th, 2005

Hi,
Log is looking "almost" clean. There are some stray Registry entries that are to be removed. Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.