spyware sucks

Hi,
Download Ewido and install it. Then run, you will receive a warning message saying "Database not found", click "OK" for this. Next in the main screen, click "Update" and click "Start Update".
After the update process, click on the "Scanner" button in the left menu, then click on the "Complete System Scan" button.
If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file.

After scanning with Ewido, run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Ewido log.

Here is the ewido Log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------


+ Created on:           6:11:00 PM, 10/25/2005
+ Report-Checksum:      E4345CD6


+ Scan result:


HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
C:\Aw2000\Attachments\pword_change.zip/PW_Klass.Pic.packed-bitmap.exe -> Worm.Sober.s : Error during cleaning
C:\Aw2000\Attachments\pword_change1.zip/PW_Klass.Pic.packed-bitmap.exe -> Worm.Sober.s : Error during cleaning
C:\Aw2000\Attachments\pword_change2.zip/PW_Klass.Pic.packed-bitmap.exe -> Worm.Sober.s : Error during cleaning
:mozilla.14:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.22:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.44:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.45:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.46:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.56:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.57:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.58:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.59:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.60:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
:mozilla.61:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.62:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.63:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.72:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.36:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.42:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.60:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.63:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.72:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.73:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.75:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.76:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.77:C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\Default User\8iruuxjz.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.6:C:\Documents and Settings\dairyboy\Application Data\Phoenix\Profiles\default\doankfgq.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\dairyboy\Application Data\Phoenix\Profiles\default\doankfgq.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.13:C:\Documents and Settings\dairyboy\Application Data\Phoenix\Profiles\default\doankfgq.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.14:C:\Documents and Settings\dairyboy\Application Data\Phoenix\Profiles\default\doankfgq.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.15:C:\Documents and Settings\dairyboy\Application Data\Phoenix\Profiles\default\doankfgq.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjk4oiczklow-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjkokncjmhpa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjkooocpaapq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjkoukc5sgoa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjkyoicpsbqa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjlyakdjmhpg-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjlyggcpghpw-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjmionajceoq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjmiqidjmhqq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1gdpofogqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1sazkfpa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuhdzofpw-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@-1shz2prbmdj6wvny-1sez2pra2dj6wjnywmdjckpq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@100hot[1].txt -> Spyware.Cookie.100hot : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@1shz2prbmdj6wvny-1sez2pra2dj6wjny-1odzolqa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wfkiuocjehpq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjlokjazolog-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1gazocpwwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1jczkdqamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1lajsgogudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1oazgdowsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnyajajogpg-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnychdpmhoa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnycjdjifoa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnyohc5cgpg-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuodzckpg-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@adorigin[1].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@cnn.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@com[3].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@content.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4agc5iho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4kidpwdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4kmczcco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4ogc5cko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4sidzsho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4skczceq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfk4wkczedo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkiagcpcdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkiahdzikq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkiaodziko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkikmajelp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkiokc5ieq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkionazekq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkismajkfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkiwmajchq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkochcpggq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkoepdpafo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkogocpmgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkokidjglo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkokidpkhq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkoklazieo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkoohc5kcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkoqlc5kfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkoslczifp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkosodpcao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkyehdjeep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkyggc5gko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkyghd5sco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkyqgdzecp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfkyspczeho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfliahcpkhq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wflicndjahp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfliejcjieo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wflikjd5ecp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfliolcpcbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfliqoazadq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wflisicpiep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfliujdjgdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wflogncjmbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wflyukcjwlp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wflywnajobo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfmiojajskp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfmiulcjmlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wfmygidjafo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wgkicndzclp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wgkiepd5ghp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wgkykidpwao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4akdpwfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4cgajcep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4ghazkcq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4gmcjmhq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4khd5gao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4kkczgkq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4ohczakp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4omazmap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4opajikq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjk4siajaao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoaiczgfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoakajglo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoaocjofp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkocjcjafq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoenazgap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoencpwbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoepcjohp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoepdpibq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkokndjmfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkokndzkbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoonc5ido.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkooocjwco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoqhd5mbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoukdpsap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkoupdzklp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkowgc5klo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkowidjwlp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkowmcjmgq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkowndzebo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyahc5mho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyakazadp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyaod5wfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkychdpkap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyckcjacp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyclczkhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyehcpmap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyehdzchq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyeocjgfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkygidpcho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykhcpcdp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykhcpkco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykkajcaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykncpsco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykoczcgq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykpd5kco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkykpdpskp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyohajodo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyoiczeao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyqidjgcq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyqncpwbq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyqpajmeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyumd5eep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyuoajmbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjkyuodpiho.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4amcjwdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4gndzklp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4kgcjkaq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4olcpebq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4onazmao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4qic5wgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4siczegp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4uhcjsdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4uiajicp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4undzsgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4whcjieo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjl4wmdzohp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjliahd5adq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjliakcjiap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlichczslo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlicmdjakp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlicpcpkep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjligjcjwho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlikpczsaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjliold5eep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjliqldzwhq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlisjd5wko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlisndzwaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjliwjcjgcq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloaiczibo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlococjmfp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloepazeeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloghajgdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlogkdjwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlogmcpwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlogndjwap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlokoc5kcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlooiczolo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloojd5cao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloomdpghp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlosocpmgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloulcjoep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlouncpiko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjloupd5oap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlowldjiaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlowpd5ifo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyapd5gcp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlycod5wco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlycpajedo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyghdpcgo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlygiajohp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlygpdjgfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlykkdjgap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlykldjoco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyqkc5abo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyqndjkgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyqoczkhq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyshajeco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlysjdpiep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlysmcpobo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyspdpwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyuidzocp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlyukc5iao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjlywpd5cfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmichazodq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmicpazklo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmiepczakp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmigpajkfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmigpajolp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmikicpkdp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmikmd5wgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmiomc5sbp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmisjcjmeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmismd5wco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmisnazkcp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmiunajwco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmiwmcpsgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmyahdjmeq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmycnajwgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmyknajwgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmyogczwlp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmyomdzsco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmyqod5aho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmyqodzaao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjmywlajeeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1gcpob.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1ic5ag.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1icjmf.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1id5wg.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1kazcc.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1nc5ab.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1sajce.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1sdjef.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjny-1sdzsg.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyajcjacp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyakazwfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyamajkbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnychd5kfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnychdpmho.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyckd5kcq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnycnajmhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnycndzoho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyekd5ecp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyelczmho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyeoajscq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyepdjsep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnygoazwhq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyogcpmlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyoiajkdq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyoiczkbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyoidjcep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyoldjifo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyond5sao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyqgc5wgo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyqgdzweo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyqkazsko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyqkc5mho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyqocpkhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyqpcjkhq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyshazsbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnysidjwao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnysjdjsko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyskazebo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyukazoap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyumazocp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnyuodzckp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@e-2dj6wjnywidjkgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@powellsbooks.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4epd5kdpqidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4ugc5kaog6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiamdzefqamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiapajslogwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiggcpmlqqmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkigjczagog2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkigpajggpqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiooazelqawdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiopdjoloaydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiqjdjefpa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiqoc5egogidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiuod5olpgydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiwgcpegpwwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkoendjokpgwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkokmc5gepg6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkosldpedowsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkowjczoepaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyamdjkdqqwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkychczcfpwsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyehdpkkoaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkykjd5seoaqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wflighajslpw6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wflioodzcbqqsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wflokpd5cfpaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4alcjelpgsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4aldjcepgwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4aoajweowmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4chdzwfqa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4cndjsbpw2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4kidjibpq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4kldjiloasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4okd5aboqwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4qkdzedowsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4sjczwaqqwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4whd5alpgidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoakcjcboq2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkochdzmcowudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkockdpibpgudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkocnajoeoaqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoegczkkpqsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkokhdjgcpqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkokjcjoaoq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoopajiboa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoqidjkfqaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkosidzweoasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dairyboy\Cookies\dairyboy@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkosnc

Hi,
Download CleanUp and install it. Do not run it now.

Make Windows to show all files:-
Go to Start > My Computer.
Go to Tools menu, click Folder Options.
Uncheck Hide protected operating system files.
Then, click to select the option Show hidden files and folders.
Click Apply and then click OK to exit.

Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that will be displayed, out of which choose Safe Mode and press Enter.

Go to Start > Run and type services.msc and press ENTER. Here, navigate to the service named Command Service (cmdService) and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK".

Do the same process (of stopping and disabling) for this Service too:-
Windows Overlay Components

Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nsa4D1.dll
O2 - BHO: (no name) - {92617934-9abc-def0-0fed-fad48c654321} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [upmoioj] C:\WINDOWS\upmoioj.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGFpcnlib3kA\command.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qekjynq.exe

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.

Exit from HijackThis. Delete these files:-
C:\Aw2000\Attachments\pword_change.zip
C:\WINDOWS\qekjynq.exe
C:\WINDOWS\upmoioj.exe
C:\WINDOWS\ZGFpcnlib3kA\command.exe

Run CleanUp! and click "Options.." button. Here move the "Quick Setup" slider to "Thorough Cleanup" position. Uncheck the option "Delete Favorites Palces/Bookmarks", if you have any bookmarks. Click "OK" to return to main window, and click "CleanUp!" to start cleaning. After it completes, click "Close" and click "No" to avoid logging off.

Reboot to Normal Mode. Perform an online virus scan at Panda ActiveScan with the "Disinfection" option enabled. Save the log it gives after the scan.

Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Panda ActiveScan log.

HI

Great looks like we got rid of the linking spyware. not sure about the pop up ad one as I have not seen any pop up ads yet.

You instructed me to:
Go to Start > Run and type services.msc and press ENTER. Here, navigate to the service named Command Service (cmdService) and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK".

Do the same process (of stopping and disabling) for this Service too:-
Windows Overlay Components

These were both already Stopped.

There were 3 entries that you told me to check in HijackThis while in safe mode, but they were not there. they are listed below.

O4 - HKLM\..\Run: [upmoioj] C:\WINDOWS\upmoioj.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGFpcnlib3kA\command.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qekjynq.exe

I do not see any of these entries in the current HijackThis Scan Either

While in Safe mode I could NOT find and delete the following files.

C:\WINDOWS\qekjynq.exe
C:\WINDOWS\upmoioj.exe
C:\WINDOWS\ZGFpcnlib3kA\command.exe

I do not find any of these files on my computer currently Either

Ok here is the Hijack This Log.

Logfile of HijackThis v1.99.1
Scan saved at 7:40:38 AM, on 10/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\uqytooc.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ups.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [uqytooc] C:\WINDOWS\uqytooc.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {5E0BD5F5-FF74-4436-BEBB-9B62298E2DD4} (Textinput Class) - http://www.aceflex.com/demos/aceflexb2c/admin/activex/htmlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125539404776
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125539349326
O16 - DPF: {7F78DCB6-5480-4268-A079-E6F6E6A1D4B5} (Utils Class) - http://www.aceflex.com/demos/aceflexb2c/admin/activex/AceCommerceTools.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

And here is the Panda Log

Incident Status Location

Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\91EF639A-6E59-4350-9437-974A0D\D2DD665D-F582-441E-893F-D924AB

It found no viruses just a Spyware.

Looks like we killed all the Spyware. Have not gotten any popups.

Also Should I go back an Hide the protected windows files and the start the Command Service & Windows Overlay Components?

Brian

Hi,
Still some "bad" thing is present there! This file -> C:\WINDOWS\uqytooc.exe , should not be there.

We have to remove these things manually. Download WinPFind.ZIP and completely extract it to a folder. Then run WinPFind.exe and click "Start Scan". When the scan completes, click "Copy to Clipboard" button to copy the log it gives, and please post it here.

BTW, do not start those Services again, they are related to viruses.

Here is the log from Widfind

Brian

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.


If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»


Checking %SystemDrive% folder...


Checking %ProgramFilesDir% folder...


Checking %WinDir% folder...


Checking %System% folder...
UPX!                 10/24/2005 10:27:54 PM      150016     C:\WINDOWS\SYSTEM32\202_app13.exe
PEC2                 8/23/2001 8:00:00 AM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2                 6/9/2005 4:32:28 PM         692736     C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2           6/9/2005 4:32:28 PM         692736     C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2           8/4/2005 10:01:54 AM        1449304    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2005 10:01:54 AM        1449304    C:\WINDOWS\SYSTEM32\MRT.exe
UPX!                 10/20/2005 8:53:16 PM       67584      C:\WINDOWS\SYSTEM32\nsa4D1.dll
Umonitor             8/29/2002 6:41:10 AM        631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/23/2001 8:00:00 AM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu


Checking %System%\Drivers folder and sub-folders...


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts



Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/28/2005 5:34:20 PM     S 2048       C:\WINDOWS\bootstat.dat
10/28/2005 5:45:24 PM    H  24         C:\WINDOWS\prK7N
10/18/2005 3:05:40 AM    H  54156      C:\WINDOWS\QTFont.qfn
8/31/2005 9:51:28 PM     H  0          C:\WINDOWS\inf\oem29.inf
8/31/2005 11:12:10 PM   RHS 70111      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_5.cab
8/31/2005 11:12:12 PM   RHS 27774      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_6.cab
10/28/2005 5:34:48 PM    H  1024       C:\WINDOWS\system32\config\default.LOG
10/28/2005 5:34:22 PM    H  1024       C:\WINDOWS\system32\config\SAM.LOG
10/28/2005 5:34:48 PM    H  1024       C:\WINDOWS\system32\config\SECURITY.LOG
10/28/2005 5:44:56 PM    H  1024       C:\WINDOWS\system32\config\software.LOG
10/28/2005 5:35:50 PM    H  1024       C:\WINDOWS\system32\config\system.LOG
8/31/2005 10:20:56 PM    H  1024       C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
10/28/2005 4:08:02 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C9U7CDMB\desktop.ini
10/28/2005 4:08:02 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1YR4PYZ\desktop.ini
10/28/2005 4:08:02 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OH8FY5E5\desktop.ini
10/28/2005 4:08:02 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OTQVCLYF\desktop.ini
9/1/2005 12:16:22 AM     HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f28efdac-cc03-4d83-8d61-9a56270caf3d
9/1/2005 12:16:22 AM     HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
10/28/2005 5:34:24 PM    H  6          C:\WINDOWS\Tasks\SA.DAT


Checking for CPL files...
8/19/2003 3:20:04 AM        180224     C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
11/12/1999 6:11:00 AM       183808     C:\WINDOWS\SYSTEM32\BDEADMIN.CPL
Microsoft Corporation          8/29/2002 6:41:28 AM        129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        121856     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        65536      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         4/22/2005 6:41:40 PM        49262      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          2/20/2003 5:39:50 PM        32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc.           9/23/2004 7:57:40 PM        323072     C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        90112      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        66048      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        150016     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        256000     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          2/20/2003 5:39:50 PM        32768      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        109056     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        90112      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl


»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


Checking files in %ALLUSERSPROFILE%\Startup folder...
9/27/2005 9:30:48 PM        793        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
11/27/2004 5:55:02 PM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
6/22/2005 2:58:08 PM        1216       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 900 series) - 1.lnk


Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/27/2004 8:51:10 AM    HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
6/12/2005 1:58:28 PM        6655       C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2/9/2005 9:52:26 PM         157        C:\Documents and Settings\All Users\Application Data\PMUSERS.DAT
2/27/2004 12:08:42 PM       0          C:\Documents and Settings\All Users\Application Data\REGISTRY.INI


Checking files in %USERPROFILE%\Startup folder...
11/27/2004 5:55:02 PM    HS 84         C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\desktop.ini


Checking files in %USERPROFILE%\Application Data folder...
11/27/2004 8:51:10 AM    HS 62         C:\Documents and Settings\dairyboy\Application Data\desktop.ini
11/19/2004 3:12:52 AM       6099       C:\Documents and Settings\dairyboy\Application Data\dw.log
10/29/2004 6:30:04 PM       47888      C:\Documents and Settings\dairyboy\Application Data\GDIPFONTCACHEV1.DAT
1/2/2005 8:17:02 PM         83         C:\Documents and Settings\dairyboy\Application Data\sversion.ini


»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
acc=ventura5     =


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}   = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin   = %SystemRoot%\system32\SHELL32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Library
{54F51408-DD44-4a12-82EF-519AD2A80DE9}   = C:\Program Files\ATI Multimedia\mlibrary\MLShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll


[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
=


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467}   = &Radio   : C:\WINDOWS\System32\msdxm.ocx
{2318C2B1-4965-11d4-9B18-009027A5CD4F}   = &Google  : c:\program files\google\googletoolbar2.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{44226DFF-747E-4edc-B30C-78752E50CD0C}
ButtonText   = ATI TV   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText   = Messenger    :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText     = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText   = AIM  : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
ButtonText   = @shdoclc.dll,-866    :


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google    : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =    :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google    : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =    :


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched  C:\Program Files\Java\jre1.5.0\bin\jusched.exe
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
ATICCC  "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
PinnacleDriverCheck C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
QuickTime Task  "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ    "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
uqytooc C:\WINDOWS\uqytooc.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


ATI DeviceDetect    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
ATI Remote Control  C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup  C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item    Adobe Reader Speed Launch
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup  C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item    Adobe Reader Speed Launch


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup  C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
item    ATI CATALYST System Tray
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup  C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
item    ATI CATALYST System Tray


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup  C:\WINDOWS\pss\Billminder.lnkCommon Startup
location    Common Startup
command C:\QUICKENW\BILLMIND.EXE -startup
item    Billminder
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup  C:\WINDOWS\pss\Billminder.lnkCommon Startup
location    Common Startup
command C:\QUICKENW\BILLMIND.EXE -startup
item    Billminder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup  C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item    Event Reminder
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup  C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item    Event Reminder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup  C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item    HP Digital Imaging Monitor
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup  C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item    HP Digital Imaging Monitor


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup  C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item    HP Image Zone Fast Start
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup  C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item    HP Image Zone Fast Start


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetShow PowerPoint Helper.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetShow PowerPoint Helper.lnk
backup  C:\WINDOWS\pss\NetShow PowerPoint Helper.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\NETSHO~1\Tools\nsppthlp.exe
item    NetShow PowerPoint Helper
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetShow PowerPoint Helper.lnk
backup  C:\WINDOWS\pss\NetShow PowerPoint Helper.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\NETSHO~1\Tools\nsppthlp.exe
item    NetShow PowerPoint Helper


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup  C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location    Common Startup
command C:\QUICKENW\QWDLLS.EXE
item    Quicken Startup
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup  C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location    Common Startup
command C:\QUICKENW\QWDLLS.EXE
item    Quicken Startup


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^Event Reminder.lnk
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Event Reminder.lnk
backup  C:\WINDOWS\pss\Event Reminder.lnkStartup
location    Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item    Event Reminder
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Event Reminder.lnk
backup  C:\WINDOWS\pss\Event Reminder.lnkStartup
location    Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item    Event Reminder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^Kodak EasyShare software.lnk
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup  C:\WINDOWS\pss\Kodak EasyShare software.lnkStartup
location    Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item    Kodak EasyShare software
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup  C:\WINDOWS\pss\Kodak EasyShare software.lnkStartup
location    Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item    Kodak EasyShare software


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup  C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup
location    Startup
command C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE
item    OpenOffice.org 1.1.4
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup  C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup
location    Startup
command C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE
item    OpenOffice.org 1.1.4


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATI Launchpad
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    launchpd
hkey    HKCU
command "C:\Program Files\ATI Multimedia\main\launchpd.exe"
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    launchpd
hkey    HKCU
command "C:\Program Files\ATI Multimedia\main\launchpd.exe"
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    msmsgs
hkey    HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    msmsgs
hkey    HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    NeroCheck
hkey    HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    NeroCheck
hkey    HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    qttask
hkey    HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    qttask
hkey    HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    ypager
hkey    HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    ypager
hkey    HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini  0
win.ini 0
bootini 0
services    0
startup 2



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon    1
undockwithoutlogon  1



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun  145



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder                {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn                          {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit    = C:\WINDOWS\system32\userinit.exe,
Shell       = Explorer.exe
System      =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs



»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/28/2005 5:45:47 PM

Hi,
Open an empty file in NotePad and copy the contents of the below "Quote" box:

cd %windir%
cd SYSTEM32
attrib -s -r -h nsa4D1.dll
del nsa4D1.dll
attrib -s -r -h 202_app13.exe
del 202_app13.exe
cd %windir%
attrib -s -r -h uqytooc.exe
del uqytooc.exe
attrib -s -r -h prK7N
del prK7N

Go to File Menu (in NotePad) > Save AS and type the filename as Test.BAT and save the file.

Boot the PC in safe mode.

Double-click on the Test.BAT file, a DOS type window should open and close by itself.

Run HijackThis and select the below entry and click "Fix Checked" to remove it:-
O4 - HKLM\..\Run: [uqytooc] C:\WINDOWS\uqytooc.exe

Reboot the PC to normal mode and please post a new HijackThis and WinPFind log.

Also, post back whether you receive pop-ups while browsing Internet?

Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 10:06:55 AM, on 10/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Aw2000\AW2000.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\My Documents\Hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ups.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {5E0BD5F5-FF74-4436-BEBB-9B62298E2DD4} (Textinput Class) - http://www.aceflex.com/demos/aceflexb2c/admin/activex/htmlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125539404776
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125539349326
O16 - DPF: {7F78DCB6-5480-4268-A079-E6F6E6A1D4B5} (Utils Class) - http://www.aceflex.com/demos/aceflexb2c/admin/activex/AceCommerceTools.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


Winpscan Log


WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.


If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»


Checking %SystemDrive% folder...


Checking %ProgramFilesDir% folder...


Checking %WinDir% folder...


Checking %System% folder...
PEC2                 8/23/2001 8:00:00 AM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2                 6/9/2005 4:32:28 PM         692736     C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2           6/9/2005 4:32:28 PM         692736     C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2           8/4/2005 10:01:54 AM        1449304    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2005 10:01:54 AM        1449304    C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor             8/29/2002 6:41:10 AM        631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/23/2001 8:00:00 AM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu


Checking %System%\Drivers folder and sub-folders...


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts



Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/29/2005 10:04:38 AM    S 2048       C:\WINDOWS\bootstat.dat
10/29/2005 10:21:10 AM   H  24         C:\WINDOWS\prK7N
10/18/2005 3:05:40 AM    H  54156      C:\WINDOWS\QTFont.qfn
8/31/2005 9:51:28 PM     H  0          C:\WINDOWS\inf\oem29.inf
8/31/2005 11:12:10 PM   RHS 70111      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_5.cab
8/31/2005 11:12:12 PM   RHS 27774      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_6.cab
10/29/2005 10:05:28 AM   H  1024       C:\WINDOWS\system32\config\default.LOG
10/29/2005 10:04:42 AM   H  1024       C:\WINDOWS\system32\config\SAM.LOG
10/29/2005 10:05:28 AM   H  1024       C:\WINDOWS\system32\config\SECURITY.LOG
10/29/2005 10:21:00 AM   H  1024       C:\WINDOWS\system32\config\software.LOG
10/29/2005 10:05:44 AM   H  1024       C:\WINDOWS\system32\config\system.LOG
8/31/2005 10:20:56 PM    H  1024       C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
10/28/2005 4:08:02 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C9U7CDMB\desktop.ini
10/28/2005 4:08:02 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1YR4PYZ\desktop.ini
10/28/2005 4:08:02 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OH8FY5E5\desktop.ini
10/28/2005 4:08:02 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OTQVCLYF\desktop.ini
9/1/2005 12:16:22 AM     HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f28efdac-cc03-4d83-8d61-9a56270caf3d
9/1/2005 12:16:22 AM     HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
10/29/2005 10:04:40 AM   H  6          C:\WINDOWS\Tasks\SA.DAT


Checking for CPL files...
8/19/2003 3:20:04 AM        180224     C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
11/12/1999 6:11:00 AM       183808     C:\WINDOWS\SYSTEM32\BDEADMIN.CPL
Microsoft Corporation          8/29/2002 6:41:28 AM        129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        121856     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        65536      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         4/22/2005 6:41:40 PM        49262      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          2/20/2003 5:39:50 PM        32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc.           9/23/2004 7:57:40 PM        323072     C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        90112      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        66048      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        150016     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        256000     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          2/20/2003 5:39:50 PM        32768      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        109056     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        90112      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl


»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


Checking files in %ALLUSERSPROFILE%\Startup folder...
9/27/2005 9:30:48 PM        793        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
11/27/2004 5:55:02 PM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
6/22/2005 2:58:08 PM        1216       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 900 series) - 1.lnk


Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/27/2004 8:51:10 AM    HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
6/12/2005 1:58:28 PM        6655       C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2/9/2005 9:52:26 PM         157        C:\Documents and Settings\All Users\Application Data\PMUSERS.DAT
2/27/2004 12:08:42 PM       0          C:\Documents and Settings\All Users\Application Data\REGISTRY.INI


Checking files in %USERPROFILE%\Startup folder...
11/27/2004 5:55:02 PM    HS 84         C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\desktop.ini


Checking files in %USERPROFILE%\Application Data folder...
11/27/2004 8:51:10 AM    HS 62         C:\Documents and Settings\dairyboy\Application Data\desktop.ini
11/19/2004 3:12:52 AM       6099       C:\Documents and Settings\dairyboy\Application Data\dw.log
10/29/2004 6:30:04 PM       47888      C:\Documents and Settings\dairyboy\Application Data\GDIPFONTCACHEV1.DAT
1/2/2005 8:17:02 PM         83         C:\Documents and Settings\dairyboy\Application Data\sversion.ini


»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
acc=ventura5     =


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}   = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin   = %SystemRoot%\system32\SHELL32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Library
{54F51408-DD44-4a12-82EF-519AD2A80DE9}   = C:\Program Files\ATI Multimedia\mlibrary\MLShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll


[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
=


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467}   = &Radio   : C:\WINDOWS\System32\msdxm.ocx
{2318C2B1-4965-11d4-9B18-009027A5CD4F}   = &Google  : c:\program files\google\googletoolbar2.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{44226DFF-747E-4edc-B30C-78752E50CD0C}
ButtonText   = ATI TV   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText   = Messenger    :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText     = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText   = AIM  : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
ButtonText   = @shdoclc.dll,-866    :


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google    : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =    :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google    : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =    :


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched  C:\Program Files\Java\jre1.5.0\bin\jusched.exe
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
ATICCC  "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
PinnacleDriverCheck C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
QuickTime Task  "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ    "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


ATI DeviceDetect    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
ATI Remote Control  C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup  C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item    Adobe Reader Speed Launch
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup  C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item    Adobe Reader Speed Launch


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup  C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
item    ATI CATALYST System Tray
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup  C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
item    ATI CATALYST System Tray


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup  C:\WINDOWS\pss\Billminder.lnkCommon Startup
location    Common Startup
command C:\QUICKENW\BILLMIND.EXE -startup
item    Billminder
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup  C:\WINDOWS\pss\Billminder.lnkCommon Startup
location    Common Startup
command C:\QUICKENW\BILLMIND.EXE -startup
item    Billminder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup  C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item    Event Reminder
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup  C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item    Event Reminder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup  C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item    HP Digital Imaging Monitor
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup  C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item    HP Digital Imaging Monitor


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup  C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item    HP Image Zone Fast Start
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup  C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item    HP Image Zone Fast Start


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetShow PowerPoint Helper.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetShow PowerPoint Helper.lnk
backup  C:\WINDOWS\pss\NetShow PowerPoint Helper.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\NETSHO~1\Tools\nsppthlp.exe
item    NetShow PowerPoint Helper
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetShow PowerPoint Helper.lnk
backup  C:\WINDOWS\pss\NetShow PowerPoint Helper.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\NETSHO~1\Tools\nsppthlp.exe
item    NetShow PowerPoint Helper


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup  C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location    Common Startup
command C:\QUICKENW\QWDLLS.EXE
item    Quicken Startup
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup  C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location    Common Startup
command C:\QUICKENW\QWDLLS.EXE
item    Quicken Startup


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^Event Reminder.lnk
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Event Reminder.lnk
backup  C:\WINDOWS\pss\Event Reminder.lnkStartup
location    Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item    Event Reminder
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Event Reminder.lnk
backup  C:\WINDOWS\pss\Event Reminder.lnkStartup
location    Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item    Event Reminder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^Kodak EasyShare software.lnk
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup  C:\WINDOWS\pss\Kodak EasyShare software.lnkStartup
location    Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item    Kodak EasyShare software
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup  C:\WINDOWS\pss\Kodak EasyShare software.lnkStartup
location    Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item    Kodak EasyShare software


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup  C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup
location    Startup
command C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE
item    OpenOffice.org 1.1.4
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup  C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup
location    Startup
command C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE
item    OpenOffice.org 1.1.4


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATI Launchpad
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    launchpd
hkey    HKCU
command "C:\Program Files\ATI Multimedia\main\launchpd.exe"
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    launchpd
hkey    HKCU
command "C:\Program Files\ATI Multimedia\main\launchpd.exe"
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    msmsgs
hkey    HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    msmsgs
hkey    HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    NeroCheck
hkey    HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    NeroCheck
hkey    HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    qttask
hkey    HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    qttask
hkey    HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    ypager
hkey    HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    ypager
hkey    HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini  0
win.ini 0
bootini 0
services    0
startup 2



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon    1
undockwithoutlogon  1



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun  145



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder                {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn                          {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit    = C:\WINDOWS\system32\userinit.exe,
Shell       = Explorer.exe
System      =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs



»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/29/2005 10:21:46 AM

Seems Like the Pop ups are Gone. We have also Been Experiencing the "BLUE SCREEN" IRQ errors. I assume it was from the spyware. We will find out if they are gone also.

Brian

Hi,
Log is looking "almost" clean. There are some stray Registry entries that are to be removed. Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.

Ok Great

Have not seen any popup ads todays. So Looks like we got it. We are still getting "the Blue Screen of Death" Hopefully those 3 entries may have been the cause.

Here is the latest Hijack this file

Logfile of HijackThis v1.99.1
Scan saved at 6:50:20 PM, on 10/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\devldr32.exe
C:\My Documents\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ups.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {5E0BD5F5-FF74-4436-BEBB-9B62298E2DD4} (Textinput Class) - http://www.aceflex.com/demos/aceflexb2c/admin/activex/htmlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125539404776
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125539349326
O16 - DPF: {7F78DCB6-5480-4268-A079-E6F6E6A1D4B5} (Utils Class) - http://www.aceflex.com/demos/aceflexb2c/admin/activex/AceCommerceTools.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Thanks
Brian

Hi,
Log looks clean. But, those "Blue Screen Of Deaths" can be due to some other reasons like missing or corrupt system files, "bad" device drivers etc. If the BSOD occurs next time, can you provide the information about the type of error it displays (it wil display some text and some numbers) ?

Ok Here is the STOP Data. Stop: 0x0000008E (0xc0000005, 0x821FB27C, 0XA8690B6C, 0X00000000)

Also Had two Pop ups come up this evening.

HJT log below

Thanks
Again Brian

Logfile of HijackThis v1.99.1
Scan saved at 12:27:33 AM, on 10/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Aw2000\AW2000.exe
C:\WINDOWS\System32\devldr32.exe
C:\My Documents\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ups.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {5E0BD5F5-FF74-4436-BEBB-9B62298E2DD4} (Textinput Class) - http://www.aceflex.com/demos/aceflexb2c/admin/activex/htmlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125539404776
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125539349326
O16 - DPF: {7F78DCB6-5480-4268-A079-E6F6E6A1D4B5} (Utils Class) - http://www.aceflex.com/demos/aceflexb2c/admin/activex/AceCommerceTools.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Hi,
Log looks clean. Can you tell what type of pop-ups you are getting ?

And for the BSOD, it can be due to corrupt/incompatible/old Graphics driver or due to faulty RAM modules.

Try upgrading the graphics drivers by downloading latest versions from ATi. Uninstall older drivers before installing new one.

If this doesnt help, check the RAM modules. You can use MemTest86 to test the RAM.
http://www.memtest86.com/

This thread has some information about that Stop error.

I see the sticky post from CSCGAL concerning hijack logs to be posted in the security forum and not the windows form, But I can not find the security forum. so here goes and if it gets moved hopefully I can find it.

Sorry about that! The Security forum was renamed Spyware and Viruses some time ago ... it must have been an old post :(

Hi,
Log looks clean. Can you tell what type of pop-ups you are getting ?

And for the BSOD, it can be due to corrupt/incompatible/old Graphics driver or due to faulty RAM modules.

Try upgrading the graphics drivers by downloading latest versions from ATi. Uninstall older drivers before installing new one.

If this doesnt help, check the RAM modules. You can use MemTest86 to test the RAM.
http://www.memtest86.com/

This thread has some information about that Stop error.

Ok

The Popups we keep getting are "search the Web" "ebay" Half.com" "Casanova Casino (or something similar)" some Spyware/anti virus software These are the SAme one we started to get when we got the soyware.

Also

The Blue screens I've narowed down to happening when we run a bit torrent. does not seem to matter what cliet we use. Azureus or Bit Tornado. If we are not running a bit torrent no Blue screens.
We ran Memtest86 and all is good, and we the the curent video drivers.

About 6 months ago we had problem with blue screens after a friend installed a couple thing on the computer. once we uninstalled them the blue screens went away.

Brian

Sorry about that! The Security forum was renamed Spyware and Viruses some time ago ... it must have been an old post :(

Hey your post(anouncment) is at the top of the Viruses, Spyware & other Nasties forum.

Brian

Did some web surfing the other night and the we just got pop up ads galore. Gave it some fresh keywords and we got alsorts of pop ups. If you need me to post a new Hijack log I will

Brian

Hi,
Sorry for replying late. Yes, please post a new HijackThis log and also a WinPFind log.

Hijack Log


Logfile of HijackThis v1.99.1
Scan saved at 12:57:22 AM, on 11/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Aw2000\AW2000.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DivX\DivX Player\DivX Player.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\My Documents\Hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ups.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\dairyboy\Application Data\Mozilla\Profiles\default\ndl04cys.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {5E0BD5F5-FF74-4436-BEBB-9B62298E2DD4} (Textinput Class) - http://www.aceflex.com/demos/aceflexb2c/admin/activex/htmlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125539404776
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125539349326
O16 - DPF: {7F78DCB6-5480-4268-A079-E6F6E6A1D4B5} (Utils Class) - http://www.aceflex.com/demos/aceflexb2c/admin/activex/AceCommerceTools.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


WinPfind


WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.


If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»


Checking %SystemDrive% folder...


Checking %ProgramFilesDir% folder...


Checking %WinDir% folder...


Checking %System% folder...
PEC2                 8/23/2001 7:00:00 AM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2                 6/9/2005 3:32:28 PM         692736     C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2           6/9/2005 3:32:28 PM         692736     C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2           8/4/2005 9:01:54 AM         1449304    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2005 9:01:54 AM         1449304    C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor             8/29/2002 5:41:10 AM        631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/23/2001 7:00:00 AM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu


Checking %System%\Drivers folder and sub-folders...


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts



Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/13/2005 11:24:06 PM    S 2048       C:\WINDOWS\bootstat.dat
11/14/2005 1:11:42 AM    H  24         C:\WINDOWS\prK7N
10/18/2005 2:05:40 AM    H  54156      C:\WINDOWS\QTFont.qfn
11/14/2005 12:17:30 AM   H  1024       C:\WINDOWS\system32\config\default.LOG
11/13/2005 11:24:08 PM   H  1024       C:\WINDOWS\system32\config\SAM.LOG
11/13/2005 11:25:02 PM   H  1024       C:\WINDOWS\system32\config\SECURITY.LOG
11/14/2005 1:11:48 AM    H  1024       C:\WINDOWS\system32\config\software.LOG
11/14/2005 12:14:06 AM   H  1024       C:\WINDOWS\system32\config\system.LOG
10/28/2005 3:08:02 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C9U7CDMB\desktop.ini
10/28/2005 3:08:02 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1YR4PYZ\desktop.ini
10/28/2005 3:08:02 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OH8FY5E5\desktop.ini
10/28/2005 3:08:02 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OTQVCLYF\desktop.ini
11/13/2005 11:24:08 PM   H  6          C:\WINDOWS\Tasks\SA.DAT


Checking for CPL files...
8/19/2003 2:20:04 AM        180224     C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation          8/29/2002 5:41:28 AM        578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
11/12/1999 5:11:00 AM       183808     C:\WINDOWS\SYSTEM32\BDEADMIN.CPL
Microsoft Corporation          8/29/2002 5:41:28 AM        129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/29/2002 5:41:28 AM        292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/29/2002 5:41:28 AM        121856     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/29/2002 5:41:28 AM        65536      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         4/22/2005 5:41:40 PM        49262      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          2/20/2003 4:39:50 PM        32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc.           9/23/2004 6:57:40 PM        323072     C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation          8/29/2002 5:41:28 AM        268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        90112      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          5/26/2005 3:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        66048      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        150016     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        256000     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        36864      C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          2/20/2003 4:39:50 PM        32768      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        109056     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/23/2001 7:00:00 AM        90112      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl


»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


Checking files in %ALLUSERSPROFILE%\Startup folder...
9/27/2005 8:30:48 PM        793        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
11/27/2004 4:55:02 PM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
6/22/2005 1:58:08 PM        1216       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 900 series) - 1.lnk


Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/27/2004 7:51:10 AM    HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
6/12/2005 12:58:28 PM       6655       C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2/9/2005 8:52:26 PM         157        C:\Documents and Settings\All Users\Application Data\PMUSERS.DAT
2/27/2004 11:08:42 AM       0          C:\Documents and Settings\All Users\Application Data\REGISTRY.INI


Checking files in %USERPROFILE%\Startup folder...
11/27/2004 4:55:02 PM    HS 84         C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\desktop.ini


Checking files in %USERPROFILE%\Application Data folder...
11/27/2004 7:51:10 AM    HS 62         C:\Documents and Settings\dairyboy\Application Data\desktop.ini
11/19/2004 2:12:52 AM       6099       C:\Documents and Settings\dairyboy\Application Data\dw.log
10/29/2004 5:30:04 PM       47888      C:\Documents and Settings\dairyboy\Application Data\GDIPFONTCACHEV1.DAT
1/2/2005 7:17:02 PM         83         C:\Documents and Settings\dairyboy\Application Data\sversion.ini


»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
acc=ventura5     =


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}   = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin   = %SystemRoot%\system32\SHELL32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Library
{54F51408-DD44-4a12-82EF-519AD2A80DE9}   = C:\Program Files\ATI Multimedia\mlibrary\MLShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll


[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467}   = &Radio   : C:\WINDOWS\System32\msdxm.ocx
{2318C2B1-4965-11d4-9B18-009027A5CD4F}   = &Google  : c:\program files\google\googletoolbar2.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{44226DFF-747E-4edc-B30C-78752E50CD0C}
ButtonText   = ATI TV   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText   = Messenger    :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText   = AIM  : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
ButtonText   = @shdoclc.dll,-866    :


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google    : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =    :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google    : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =    :


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched  C:\Program Files\Java\jre1.5.0\bin\jusched.exe
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
ATICCC  "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
PinnacleDriverCheck C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
QuickTime Task  "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ    "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


ATI DeviceDetect    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
ATI Remote Control  C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup  C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item    Adobe Reader Speed Launch
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup  C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item    Adobe Reader Speed Launch


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup  C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
item    ATI CATALYST System Tray
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup  C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
item    ATI CATALYST System Tray


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup  C:\WINDOWS\pss\Billminder.lnkCommon Startup
location    Common Startup
command C:\QUICKENW\BILLMIND.EXE -startup
item    Billminder
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup  C:\WINDOWS\pss\Billminder.lnkCommon Startup
location    Common Startup
command C:\QUICKENW\BILLMIND.EXE -startup
item    Billminder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup  C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item    Event Reminder
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup  C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item    Event Reminder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup  C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item    HP Digital Imaging Monitor
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup  C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item    HP Digital Imaging Monitor


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup  C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item    HP Image Zone Fast Start
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup  C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item    HP Image Zone Fast Start


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetShow PowerPoint Helper.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetShow PowerPoint Helper.lnk
backup  C:\WINDOWS\pss\NetShow PowerPoint Helper.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\NETSHO~1\Tools\nsppthlp.exe
item    NetShow PowerPoint Helper
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetShow PowerPoint Helper.lnk
backup  C:\WINDOWS\pss\NetShow PowerPoint Helper.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\NETSHO~1\Tools\nsppthlp.exe
item    NetShow PowerPoint Helper


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup  C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location    Common Startup
command C:\QUICKENW\QWDLLS.EXE
item    Quicken Startup
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup  C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location    Common Startup
command C:\QUICKENW\QWDLLS.EXE
item    Quicken Startup


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^Event Reminder.lnk
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Event Reminder.lnk
backup  C:\WINDOWS\pss\Event Reminder.lnkStartup
location    Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item    Event Reminder
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Event Reminder.lnk
backup  C:\WINDOWS\pss\Event Reminder.lnkStartup
location    Startup
command C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe
item    Event Reminder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^Kodak EasyShare software.lnk
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup  C:\WINDOWS\pss\Kodak EasyShare software.lnkStartup
location    Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item    Kodak EasyShare software
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup  C:\WINDOWS\pss\Kodak EasyShare software.lnkStartup
location    Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item    Kodak EasyShare software


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^dairyboy^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup  C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup
location    Startup
command C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE
item    OpenOffice.org 1.1.4
path    C:\Documents and Settings\dairyboy\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup  C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup
location    Startup
command C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE
item    OpenOffice.org 1.1.4


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATI Launchpad
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    launchpd
hkey    HKCU
command "C:\Program Files\ATI Multimedia\main\launchpd.exe"
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    launchpd
hkey    HKCU
command "C:\Program Files\ATI Multimedia\main\launchpd.exe"
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    msmsgs
hkey    HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    msmsgs
hkey    HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    NeroCheck
hkey    HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    NeroCheck
hkey    HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    qttask
hkey    HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    qttask
hkey    HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    ypager
hkey    HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    ypager
hkey    HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini  0
win.ini 0
bootini 0
services    0
startup 2



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon    1
undockwithoutlogon  1



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun  145



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder                {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn                          {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit    = C:\WINDOWS\system32\userinit.exe,
Shell       = Explorer.exe
System      =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs



»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11/14/2005 1:12:15 AM

Hi,
Those logs look clean. We have to search for the "baddies"!!

Try this, open Internet Explorer, go to Tools Menu > Internet Options. Here, click "Advanced" tab and uncheck the option "Enable third party browser extension" and click "Apply" and "OK". Close IE.

Download SpywareBlaster and install it. Run it and click "Enable All Protection" and then close.

Perform a scan at Kaspersky Web scanner (click the button "Kaspersky Online Scanner") and save its log. Please post back its log.

Also, post back whether you get the pop-ups or not.

Hi,
Download KillBox.zip and extract it to a folder. Run KillBox.exe and select the options "End explorer shell while killing file" and "Standard file kill". Next, copy the below mentioned file name completely and paste it in the Full path of the file to delete text box in KillBox.

C:\WINDOWS\prK7N

Once this filename is copied to the KillBox, click the button which has a "white coloured cross on red background" to delete the file.

Here is the Kaspersky Scan

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, November 19, 2005 11:11:19
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 19/11/2005
Kaspersky Anti-Virus database records: 150874
-------------------------------------------------------------------------------


Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true


Scan Target - My Computer:
A:\
C:\
D:\
E:\
Z:\


Scan Statistics:
Total number of scanned objects: 114632
Number of viruses found: 10
Number of infected objects: 22
Number of suspicious objects: 15
Duration of the scan process: 6955 sec


Infected Object Name - Virus Name
C:\Aw2000\Attachments\Business.zip/1.exe    Infected: Email-Worm.Win32.Bagle.ei
C:\Aw2000\Attachments\Business.zip  Infected: Email-Worm.Win32.Bagle.ei
C:\Aw2000\Attachments\Connect.zip/connect.exe   Infected: Trojan-Spy.Win32.Goldun.ec
C:\Aw2000\Attachments\Connect.zip   Infected: Trojan-Spy.Win32.Goldun.ec
C:\Aw2000\Attachments\email_photo.zip/Packed-jpeg_photoDat.exe  Infected: Email-Worm.Win32.Sober.t
C:\Aw2000\Attachments\email_photo.zip   Infected: Email-Worm.Win32.Sober.t
C:\Aw2000\Attachments\email_photo1.zip/Packed-jpeg_photoDat.exe Infected: Email-Worm.Win32.Sober.t
C:\Aw2000\Attachments\email_photo1.zip  Infected: Email-Worm.Win32.Sober.t
C:\Aw2000\Attachments\email_photo2.zip/Packed-jpeg_photoDat.exe Infected: Email-Worm.Win32.Sober.t
C:\Aw2000\Attachments\email_photo2.zip  Infected: Email-Worm.Win32.Sober.t
C:\Aw2000\Attachments\packed-password_text.zip/mail-packed_password.exe Infected: Email-Worm.Win32.Sober.z
C:\Aw2000\Attachments\packed-password_text.zip  Infected: Email-Worm.Win32.Sober.z
C:\Aw2000\Attachments\sms_text.zip/5.exe    Infected: Email-Worm.Win32.Bagle.ek
C:\Aw2000\Attachments\sms_text.zip  Infected: Email-Worm.Win32.Bagle.ek
C:\Aw2000\Attachments\text_sms.zip/5.exe    Infected: Email-Worm.Win32.Bagle.ek
C:\Aw2000\Attachments\text_sms.zip  Infected: Email-Worm.Win32.Bagle.ek
C:\Crystal Art Software\Crystal FTP\TSUninstaller.exe   Suspicious: Type_Win32
C:\Crystal Art Software\Crystal FTP\uninstal.exe    Suspicious: Type_Win32
C:\Documents and Settings\dairyboy\Local Settings\Application Data\Identities\{39F294CD-251A-41F1-BC8A-B5AB9ABA061B}\Microsoft\Outlook Express\Deleted Items.dbx/[From eBay <support_ref_70073898@ebay.com>][Date Sat, 12 Nov 2005 14:19:54 +0100]/UNNAMED/html  Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\dairyboy\Local Settings\Application Data\Identities\{39F294CD-251A-41F1-BC8A-B5AB9ABA061B}\Microsoft\Outlook Express\Deleted Items.dbx/[From eBay <support_ref_70073898@ebay.com>][Date Sat, 12 Nov 2005 14:19:54 +0100]/UNNAMED   Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\dairyboy\Local Settings\Application Data\Identities\{39F294CD-251A-41F1-BC8A-B5AB9ABA061B}\Microsoft\Outlook Express\Deleted Items.dbx    Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\My Documents\Bussiness\E-Books\Bussiness Ideas and Information Work at home\E-Biz Tips & Tricks.exe  Suspicious: Type_Win32
C:\My Documents\Bussiness\E-Books\Bussiness Ideas and Information Work at home\E-Business Secrets.exe   Suspicious: Type_Win32
C:\My Documents\Bussiness\E-Books\Self Imrovement Memory Speed reading and More\Creative IQ.exe Suspicious: Type_Win32
C:\Netscape\Netscape 6\components\talkback.exe  Suspicious: Type_Win32
C:\Netscape\Netscape 6\netscp6.exe  Suspicious: Type_Win32
C:\Netscape\Netscape 6\regxpcom.exe Suspicious: Type_Win32
C:\Netscape\Netscape 6\ren8dot3.exe Suspicious: Type_Win32
C:\Netscape\Netscape 6\Setup\N6SETUP[1].EXE Suspicious: Type_Win32
C:\Netscape\Netscape 6\uninstall\N6Uninst.exe   Suspicious: Type_Win32
C:\Netscape\Netscape 6\xpicleanup.exe   Suspicious: Type_Win32
C:\pmw2\INSTALL.EXE Suspicious: Type_Win32
C:\pmw2\MSRUN.EXE   Suspicious: Type_Win32
C:\pmw2\PMWURL.EXE  Suspicious: Type_Win32
C:\WINDOWS\rfwnwok.exe  Infected: Trojan-Clicker.Win32.VB.ij
C:\WINDOWS\system32\fran-hot.exe    Infected: Trojan-Dropper.Win32.Agent.abb
C:\WINDOWS\system32\skefgwmi.dll    Infected: Trojan.Win32.Crypt.t


Scan process completed.

Brian

and yes the pop ups are still here

Hi,

Boot in Safe Mode. Then delete these files:-

C:\WINDOWS\rfwnwok.exe
C:\WINDOWS\system32\fran-hot.exe
C:\WINDOWS\system32\skefgwmi.dll
C:\Aw2000\Attachments\Business.zip
C:\Aw2000\Attachments\Connect.zip
C:\Aw2000\Attachments\email_photo.zip
C:\Aw2000\Attachments\email_photo1.zip
C:\Aw2000\Attachments\email_photo2.zip
C:\Aw2000\Attachments\packed-password_text.zip
C:\Aw2000\Attachments\sms_text.zip
C:\Aw2000\Attachments\text_sms.zip
C:\Crystal Art Software\Crystal FTP\TSUninstaller.exe
C:\Crystal Art Software\Crystal FTP\uninstal.exe
C:\My Documents\Bussiness\E-Books\Bussiness Ideas and Information Work at home\E-Biz Tips & Tricks.exe
C:\My Documents\Bussiness\E-Books\Bussiness Ideas and Information Work at home\E-Business Secrets.exe
C:\My Documents\Bussiness\E-Books\Self Imrovement Memory Speed reading and More\Creative IQ.exe

Restart to Normal Mode. Upload and scan the below mentioned files at http://virusscan.jotti.org/ and if they are found infected, please delete them:-
C:\pmw2\INSTALL.EXE
C:\pmw2\MSRUN.EXE
C:\pmw2\PMWURL.EXE

After this, please run a scan at Kaspersky Online Scanner again and post back its log file.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, November 24, 2005 08:32:59
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 24/11/2005
Kaspersky Anti-Virus database records: 151544
-------------------------------------------------------------------------------


Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true


Scan Target - My Computer:
A:\
C:\
D:\
E:\
Z:\


Scan Statistics:
Total number of scanned objects: 115350
Number of viruses found: 8
Number of infected objects: 211
Number of suspicious objects: 10
Duration of the scan process: 7762 sec


Infected Object Name - Virus Name
C:\Aw2000\Attachments\account-details.zip/account-details.doc                                                                      .exe Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\account-details.zip   Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\account-details1.zip/account-details.txt                                                                      .scr    Infected: Email-Worm.Win32.Doombot.g
C:\Aw2000\Attachments\account-details1.zip  Infected: Email-Worm.Win32.Doombot.g
C:\Aw2000\Attachments\account-password.zip/account-password.txt                                                                      .exe   Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\account-password.zip  Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\account-report.zip/account-report.doc                                                                      .scr   Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\account-report.zip    Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\account-report1.zip/account-report.htm                                                                      .scr  Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\account-report1.zip   Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\downloadm.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm1.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm1.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm10.zip/File-packed_dataInfo.exe  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm10.zip   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm2.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm2.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm3.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm3.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm4.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm4.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm5.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm5.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm6.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm6.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm7.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm7.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm8.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm8.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm9.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\downloadm9.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\email-details.zip/email-details.htm                                                                      .exe Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\email-details.zip Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\email-details1.zip/email-details.htm                                                                      .scr    Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\email-details1.zip    Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\gxmpjx.zip/gxmpjx.htm                                                                      .scr   Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\gxmpjx.zip    Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\h.zip/check.jpg                                                                                                                                                            .exe   Infected: Trojan-Spy.Win32.Goldun.et
C:\Aw2000\Attachments\h.zip Infected: Trojan-Spy.Win32.Goldun.et
C:\Aw2000\Attachments\id.zip/check.jpg                                                                                                                                                            .exe  Infected: Trojan-Spy.Win32.Goldun.et
C:\Aw2000\Attachments\id.zip    Infected: Trojan-Spy.Win32.Goldun.et
C:\Aw2000\Attachments\important-details.zip/important-details.htm                                                                      .exe Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\important-details.zip Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\important-details1.zip/important-details.htm                                                                      .scr    Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\important-details1.zip    Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\list.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list.zip  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list1.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list1.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list166.zip/File-packed_dataInfo.exe  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list166.zip   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list2.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list2.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list3.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list3.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list496.zip/File-packed_dataInfo.exe  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list496.zip   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list873.zip/File-packed_dataInfo.exe  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\list873.zip   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail.zip  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail1.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail1.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail10.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail10.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail2.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail2.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail3.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail3.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail4.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail4.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail5.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail5.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail6.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail6.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail7.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail7.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail8.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail8.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail9.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail9.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext.zip  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext1.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext1.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext10.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext10.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext11.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext11.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext12.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext12.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext13.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext13.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext2.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext2.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext3.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext3.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext4.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext4.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext5.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext5.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext6.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext6.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext7.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext7.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext8.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext8.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext9.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mailtext9.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body1.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body1.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body2.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body2.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body3.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body3.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body4.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body4.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body5.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body5.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body6.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body6.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body7.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\mail_body7.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list1.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list1.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list2.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list2.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list293.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list293.zip  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list3.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list3.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list4.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list4.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list5.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list5.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list6.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list6.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list884.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\question_list884.zip  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\readme.zip/readme.txt                                                                      .pif   Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\readme.zip    Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\reg_pass-data.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data1.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data1.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data10.zip/File-packed_dataInfo.exe  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data10.zip   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data11.zip/File-packed_dataInfo.exe  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data11.zip   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data12.zip/File-packed_dataInfo.exe  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data12.zip   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data13.zip/File-packed_dataInfo.exe  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data13.zip   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data2.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data2.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data3.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data3.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data4.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data4.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data5.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data5.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data6.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data6.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data7.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data7.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data8.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data8.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data9.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass-data9.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass.zip  Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass1.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass1.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass10.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass10.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass11.zip/File-packed_dataInfo.exe   Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass11.zip    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass2.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass2.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass3.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass3.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass4.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass4.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass5.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass5.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass6.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass6.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass7.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass7.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass8.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass8.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass9.zip/File-packed_dataInfo.exe    Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\reg_pass9.zip Infected: Email-Worm.Win32.Sober.y
C:\Aw2000\Attachments\sesjjz.zip/sesjjz.txt                                                                      .exe   Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\sesjjz.zip    Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\stb.zip/stb.txt                                                                      .exe Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\stb.zip   Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\updated-password.zip/updated-password.htm                                                                      .scr   Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\updated-password.zip  Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\updated-password1.zip/updated-password.htm                                                                      .scr  Infected: Email-Worm.Win32.Doombot.f
C:\Aw2000\Attachments\updated-password1.zip Infected: Email-Worm.Win32.Doombot.f
C:\Documents and Settings\dairyboy\Local Settings\Application Data\Identities\{39F294CD-251A-41F1-BC8A-B5AB9ABA061B}\Microsoft\Outlook Express\Deleted Items.dbx/[From eBay <support_ref_70073898@ebay.com>][Date Sat, 12 Nov 2005 14:19:54 +0100]/UNNAMED/html  Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\dairyboy\Local Settings\Application Data\Identities\{39F294CD-251A-41F1-BC8A-B5AB9ABA061B}\Microsoft\Outlook Express\Deleted Items.dbx/[From eBay <support_ref_70073898@ebay.com>][Date Sat, 12 Nov 2005 14:19:54 +0100]/UNNAMED   Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\dairyboy\Local Settings\Application Data\Identities\{39F294CD-251A-41F1-BC8A-B5AB9ABA061B}\Microsoft\Outlook Express\Deleted Items.dbx    Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Netscape\Netscape 6\components\talkback.exe  Suspicious: Type_Win32
C:\Netscape\Netscape 6\netscp6.exe  Suspicious: Type_Win32
C:\Netscape\Netscape 6\regxpcom.exe Suspicious: Type_Win32
C:\Netscape\Netscape 6\ren8dot3.exe Suspicious: Type_Win32
C:\Netscape\Netscape 6\Setup\N6SETUP[1].EXE Suspicious: Type_Win32
C:\Netscape\Netscape 6\uninstall\N6Uninst.exe   Suspicious: Type_Win32
C:\Netscape\Netscape 6\xpicleanup.exe   Suspicious: Type_Win32
C:\pmw2\INSTALL.EXE Suspicious: Type_Win32
C:\pmw2\MSRUN.EXE   Suspicious: Type_Win32
C:\pmw2\PMWURL.EXE  Suspicious: Type_Win32
C:\WINDOWS\offun.exe    Infected: Trojan-Downloader.Win32.VB.nw
C:\WINDOWS\system32\swpmpapi.exe    Infected: Trojan.Win32.Crypt.t


Scan process completed.

Hi,

Boot in Safe Mode. Please delete these two files (either manually or using KillBox):-
C:\WINDOWS\offun.exe
C:\WINDOWS\system32\swpmpapi.exe

Also, a lot of attachments in software AW2000 are infected with viruses. Delete all the files inside C:\Aw2000\Attachments folder.

Go to Start > Search. Here click "All files and folders" in the left pane. Next, click on "More advanced options". Here select the options "Search system folders", "Search hidden files and folders" and "Search subfolders". Next, type/copy the below mentioned filename and search for it, if you find it, right-click on it and click delete:-
Deleted Items.dbx

Restart to Normal Mode. I think you dont have an Antivirus software. Its highly essential. If you are not having one, you can download and install AntiVir. Its a very good Antivirus and its free too.
Please post back whether you receive any pop-ups or not.