Infected With Heur.trojan.generic Please Help
  #1  
Old 21st Oct 2008, 10:48
Member Group
 
Posts: 27
Infected With Heur.trojan.generic Please Help

My computer at work hasn't had a good antivirus, and after I installed Kaspersky it found that my lsass.exe\qoMghecb.dll files are infected with the heur.trojan.generic virus. There is no info about it on most websites about the virus or how to remove it. Can someone please help me out?
  #2  
Old 21st Oct 2008, 10:49
Administrator Group
 
Skill Level: Advanced
Posts: 9,903
Infected With Heur.trojan.generic Please Help

http://www.computer-juice.com/forums...-posting-7476/

Follow the guide, install the free software and post the log files.

Then the malware team can see what is wrong with your system.
  #3  
Old 27th Oct 2008, 08:58
Member Group
 
Posts: 27
Infected With Heur.trojan.generic Please Help

OK, here are the scans from HijackThis, SUPERAntiSpyware, and Malware respectively.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:36 AM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Western Union\Universal-Release\Translink.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {3C1F44A9-D1FD-4AA5-BC66-69816B58680C} (Printer Class) - https://webcenter.ipponline.com/ippo...iptPrinter.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {6B0228D7-D6D5-4B97-82E7-79557E4314D0} (ScannerDll.CheckScanner) - https://webcenter.ipponline.com/ippo...ScannerDll.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O18 - Filter hijack: text/html - {59610584-cc18-436f-b031-a6893781f08d} - C:\WINDOWS\system32\msziptools.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll dwolhm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6163 bytes
  #4  
Old 27th Oct 2008, 08:58
Member Group
 
Posts: 27
Infected With Heur.trojan.generic Please Help

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/23/2008 at 11:31 AM

Application Version : 4.21.1004

Core Rules Database Version : 3606
Trace Rules Database Version: 1592

Scan type : Complete Scan
Total Scan Time : 00:36:11

Memory items scanned : 460
Memory threats detected : 3
Registry items scanned : 5191
Registry threats detected : 385
File items scanned : 37221
File threats detected : 260

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\SZNQNJ.DLL
C:\WINDOWS\SYSTEM32\SZNQNJ.DLL

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\RQRIJAST.DLL
C:\WINDOWS\SYSTEM32\RQRIJAST.DLL

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\QOMGHECB.DLL
C:\WINDOWS\SYSTEM32\QOMGHECB.DLL

Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14F3A19A-1552-46C1-A1C8-A2179A397038}
HKCR\CLSID\{14F3A19A-1552-46C1-A1C8-A2179A397038}
HKCR\CLSID\{14F3A19A-1552-46C1-A1C8-A2179A397038}\InprocServer32
HKCR\CLSID\{14F3A19A-1552-46C1-A1C8-A2179A397038}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9AD7FC7F-1FE1-4414-9AC5-EC51457528E4}
HKCR\CLSID\{9AD7FC7F-1FE1-4414-9AC5-EC51457528E4}
HKCR\CLSID\{9AD7FC7F-1FE1-4414-9AC5-EC51457528E4}\InprocServer32
HKCR\CLSID\{9AD7FC7F-1FE1-4414-9AC5-EC51457528E4}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{9AD7FC7F-1FE1-4414-9AC5-EC51457528E4}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rqRiJAst

Trojan.Vundo-Variant/NextGen-Six
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f904655c-8a31-4df9-be6d-8b5cb123d208}
HKCR\CLSID\{F904655C-8A31-4DF9-BE6D-8B5CB123D208}
HKCR\CLSID\{F904655C-8A31-4DF9-BE6D-8B5CB123D208}\InprocServer32
HKCR\CLSID\{F904655C-8A31-4DF9-BE6D-8B5CB123D208}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PNSWWF.DLL

Trojan.Smitfraud Variant/IE Anti-Spyware
HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Adware.Tracking Cookie
C:\Documents and Settings\Lifeline\Cookies\lifeline@dynamic.media.adrevolver[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@html[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@advertising[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@chitika[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@server.iad.liveperson[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@linksynergy[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@questionmarket[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@trvlnet.adbureau[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@statse.webtrendslive[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@fastclick[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@specificclick[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@iacas.adbureau[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ad.adocean[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@citi.bridgetrack[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@banners.andomedia[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@serving-sys[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@trafficmp[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.addynamix[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@zedo[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.pointroll[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@glb.adtechus[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@interclick[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ehg-hyundaiusa.hitbox[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@media.ntsserve[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.shopica[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@60960915[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@bs.serving-sys[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@bluestreak[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@roiservice[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@superrewards[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@atdmt[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@trackalyzer[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@tacoda[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@sparknetworks.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@collective-media[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@atwola[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@35668663[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@web4.realtracker[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@checkingsaccountsfree[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@track.bestbuy[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adbrite[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ehg-spyderactivesportinc.hitbox[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@media6degrees[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@doubleclick[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@edge.ru4[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@casalemedia[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@revenue[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@homeaway.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@insightexpressai[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adserver.adreactor[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@media.mtvnservices[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adinterax[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@tremor.adbureau[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@optimize.indieclick[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@valueclick[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@44153975[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.travelcountry[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@media.adrevolver[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@hearstugo.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@please[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ehg-hollywoodmedia.hitbox[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@anat.tacoda[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@snapfish.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ad.yieldmanager[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.cnn[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.bridgetrack[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@nextag[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@data.coremetrics[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@burstnet[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@azjmp[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@247realmedia[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@tradedoubler[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@cgi-bin[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adopt.euroclick[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adrevolver[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@anad.tacoda[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@pro-market[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@viavh1com.112.2o7[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adrevolver[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@realmedia[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@viavh1comdev.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@e-2dj6wdl4umcjogo.stats.esomniture[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adopt.specificclick[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ehg.hitbox[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@statcounter[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@rm.yieldmanager[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@overture[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@revsci[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@27467505[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@extrovert.122.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@tracking.keywordmax[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@tribalfusion[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@hitbox[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@208.122.40[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@mediaplex[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@richmedia.yahoo[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@apmebf[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@at.atwola[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.calorie-count[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@1071868927[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@gadget[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.mynetfinder[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adlegend[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@kontera[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@backcountry[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@SPD0478[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@my-calorie-counter[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.polygonelite[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@mlarmani.122.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.o2[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@aerlingus.122.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.widgetbucks[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@prospect.adbureau[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@wunderloop.zanox[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@tracking.fathomseo[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@valeantpharmaceuticals.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@1072676049[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@pai.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@shopping.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.cheapflights[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@stampscom.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@27814325[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ordie.adbureau[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.backcountryoutlet[3].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.backcountryoutlet[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@60960915[3].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.mediamayhemcorp[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@counter.surfcounters[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@msnportal.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ad.associatedcontent[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@hit.stat[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@e-2dj6wjnyekc5ogo.stats.esomniture[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@showit[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@41586732[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@tracking.foundry42[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.scribefire[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@1070515056[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@bizrate[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ehg-homesandland.hitbox[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@homestore.122.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@te.kontera[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@perf.overture[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@redirect.clickshield[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@hypertracker[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@1069204868[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@1070848910[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@joyforouryouth.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@sales.liveperson[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adtech[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@1070932382[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.backcountry[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.backcountry[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@warnerbros.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@zbox.zanox[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@1068787440[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ehg-officeworld.hitbox[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@directtrack[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@qnsr[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@media303[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@LPneimanmarcus[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ehg-foxsports.hitbox[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@calorie-count[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@bridge.admarketplace[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adserver.adtechus[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@viacom.adbureau[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@healthgrades.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ford.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@partner2profit[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@backcountryoutlet[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@viator.122.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.burstnet[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@blackstone.122.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ssm.directtrack[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@yadro[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@yieldmanager[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ad.yoyo[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@mediapromoter[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@rotator[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@angleinteractive.directtrack[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@amazonbebe.122.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@clickbooth[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@sharewellgroup.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ehg-guess.hitbox[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.quixsurf[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@1068951109[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@cgi-bin[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@socialmedia[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adtrafficdriver[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@pcvirusremover2008[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@login.tracking101[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.burstbeacon[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@efashionsolutions.122.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@polygonelite[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.penis.com[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@stat.dealtime[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@clicktorrent[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@56294818[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@sixapart.adbureau[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ad1.clickhype[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@kaboose.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ehg-groupernetworks.hitbox[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@afe.specificclick[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@enhance[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@videoegg.adbureau[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@208.122.40[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@eyewonder[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@hornymatches[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adserver[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@adserver.easyad[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@33069911[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@specificmedia[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@mo-media[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@test.coremetrics[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@counter.hitslink[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ad.zanox[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.monster[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@please[3].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.findgift[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@pricesexposed[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@shopica[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@wmvmedialease[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@1052094474[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@watchmyclicks[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ads.ovguide[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@crackle[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ehg-advertisementbv.hitbox[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@quick-scanner[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@1066497271[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@clickz.lonelycheatingwives[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@76226072[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@tracking.novem[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@viamtvcom.112.2o7[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@www.findit-quick[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@accounts[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ad.adocean[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@ad.yieldmanager[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@media.licenseacquisition[2].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@serving-sys[1].txt
C:\Documents and Settings\Lifeline\Cookies\lifeline@webstats[1].txt
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt

CommonName Toolbar/Browser Helper Object
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}

Trojan.MalwareWipe
HKCR\AppId\{70F17C8C-1744-41B6-9D07-575DB448DCC5}

Malware.AntiVirusGolden
HKCR\Cerberus.EngineListener
HKCR\Cerberus.EngineListener\CLSID
HKCR\Cerberus.EngineListener\CurVer
HKCR\Cerberus.EngineListener.1
HKCR\Cerberus.EngineListener.1\CLSID
HKCR\Cerberus.Scanner
HKCR\Cerberus.Scanner\CLSID
HKCR\Cerberus.Scanner\CurVer
HKCR\Cerberus.Scanner.1
HKCR\Cerberus.Scanner.1\CLSID
HKCR\Cerberus.ThreatCollection
HKCR\Cerberus.ThreatCollection\CLSID
HKCR\Cerberus.ThreatCollection\CurVer
HKCR\Cerberus.ThreatCollection.1
HKCR\Cerberus.ThreatCollection.1\CLSID
HKCR\Engine.Backup
HKCR\Engine.Backup\CLSID
HKCR\Engine.Backup\CurVer
HKCR\Engine.Backup.1
HKCR\Engine.Backup.1\CLSID
HKCR\Engine.IgnoreList
HKCR\Engine.IgnoreList\CLSID
HKCR\Engine.IgnoreList\CurVer
HKCR\Engine.IgnoreList.1
HKCR\Engine.IgnoreList.1\CLSID
HKCR\Engine.Log
HKCR\Engine.Log\CLSID
HKCR\Engine.Log\CurVer
HKCR\Engine.Log.1
HKCR\Engine.Log.1\CLSID
HKCR\Engine.LogRecord
HKCR\Engine.LogRecord\CLSID
HKCR\Engine.LogRecord\CurVer
HKCR\Engine.LogRecord.1
HKCR\Engine.LogRecord.1\CLSID
HKCR\Engine.Paths
HKCR\Engine.Paths\CLSID
HKCR\Engine.Paths\CurVer
HKCR\Engine.Paths.1
HKCR\Engine.Paths.1\CLSID
HKCR\Engine.Quarantine
HKCR\Engine.Quarantine\CLSID
HKCR\Engine.Quarantine\CurVer
HKCR\Engine.Quarantine.1
HKCR\Engine.Quarantine.1\CLSID
HKCR\Engine.RunAs
HKCR\Engine.RunAs\CLSID
HKCR\Engine.RunAs\CurVer
HKCR\Engine.RunAs.1
HKCR\Engine.RunAs.1\CLSID
HKCR\Engine.SearchItem
HKCR\Engine.SearchItem\CLSID
HKCR\Engine.SearchItem\CurVer
HKCR\Engine.SearchItem.1
HKCR\Engine.SearchItem.1\CLSID
HKCR\Engine.Threat
HKCR\Engine.Threat\CLSID
HKCR\Engine.Threat\CurVer
HKCR\Engine.Threat.1
HKCR\Engine.Threat.1\CLSID
HKCR\CLSID\{020B1227-417D-4682-9AC3-61F43CB5B6B1}
HKCR\CLSID\{020B1227-417D-4682-9AC3-61F43CB5B6B1}#AppID
HKCR\CLSID\{020B1227-417D-4682-9AC3-61F43CB5B6B1}\LocalServer32
HKCR\CLSID\{020B1227-417D-4682-9AC3-61F43CB5B6B1}\LocalServer32#ThreadingModel
HKCR\CLSID\{020B1227-417D-4682-9AC3-61F43CB5B6B1}\ProgID
HKCR\CLSID\{020B1227-417D-4682-9AC3-61F43CB5B6B1}\Programmable
HKCR\CLSID\{020B1227-417D-4682-9AC3-61F43CB5B6B1}\TypeLib
HKCR\CLSID\{020B1227-417D-4682-9AC3-61F43CB5B6B1}\VersionIndependentProgID
HKCR\CLSID\{125494B2-ACAD-414c-98B9-452F3EF7703A}
HKCR\CLSID\{125494B2-ACAD-414c-98B9-452F3EF7703A}#AppID
HKCR\CLSID\{125494B2-ACAD-414c-98B9-452F3EF7703A}\LocalServer32
HKCR\CLSID\{125494B2-ACAD-414c-98B9-452F3EF7703A}\LocalServer32#ThreadingModel
HKCR\CLSID\{125494B2-ACAD-414c-98B9-452F3EF7703A}\ProgID
HKCR\CLSID\{125494B2-ACAD-414c-98B9-452F3EF7703A}\Programmable
HKCR\CLSID\{125494B2-ACAD-414c-98B9-452F3EF7703A}\TypeLib
HKCR\CLSID\{125494B2-ACAD-414c-98B9-452F3EF7703A}\VersionIndependentProgID
HKCR\CLSID\{20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C}
HKCR\CLSID\{20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C}#AppID
HKCR\CLSID\{20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C}\LocalServer32
HKCR\CLSID\{20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C}\LocalServer32#ThreadingModel
HKCR\CLSID\{20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C}\ProgID
HKCR\CLSID\{20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C}\Programmable
HKCR\CLSID\{20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C}\TypeLib
HKCR\CLSID\{20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C}\VersionIndependentProgID
HKCR\CLSID\{3D00A39C-655B-428b-AEB2-2FBA03DCC49C}
HKCR\CLSID\{3D00A39C-655B-428b-AEB2-2FBA03DCC49C}#AppID
HKCR\CLSID\{3D00A39C-655B-428b-AEB2-2FBA03DCC49C}\LocalServer32
HKCR\CLSID\{3D00A39C-655B-428b-AEB2-2FBA03DCC49C}\LocalServer32#ThreadingModel
HKCR\CLSID\{3D00A39C-655B-428b-AEB2-2FBA03DCC49C}\ProgID
HKCR\CLSID\{3D00A39C-655B-428b-AEB2-2FBA03DCC49C}\TypeLib
HKCR\CLSID\{3D00A39C-655B-428b-AEB2-2FBA03DCC49C}\VersionIndependentProgID
HKCR\CLSID\{408F660A-9465-44a3-B557-8709DFD992BC}
HKCR\CLSID\{408F660A-9465-44a3-B557-8709DFD992BC}#AppID
HKCR\CLSID\{408F660A-9465-44a3-B557-8709DFD992BC}\LocalServer32
HKCR\CLSID\{408F660A-9465-44a3-B557-8709DFD992BC}\LocalServer32#ThreadingModel
HKCR\CLSID\{408F660A-9465-44a3-B557-8709DFD992BC}\ProgID
HKCR\CLSID\{408F660A-9465-44a3-B557-8709DFD992BC}\TypeLib
HKCR\CLSID\{408F660A-9465-44a3-B557-8709DFD992BC}\VersionIndependentProgID
HKCR\CLSID\{5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE}
HKCR\CLSID\{5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE}#AppID
HKCR\CLSID\{5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE}\LocalServer32
HKCR\CLSID\{5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE}\LocalServer32#ThreadingModel
HKCR\CLSID\{5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE}\ProgID
HKCR\CLSID\{5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE}\TypeLib
HKCR\CLSID\{5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE}\VersionIndependentProgID
HKCR\CLSID\{8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A}
HKCR\CLSID\{8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A}#AppID
HKCR\CLSID\{8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A}\LocalServer32
HKCR\CLSID\{8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A}\LocalServer32#ThreadingModel
HKCR\CLSID\{8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A}\ProgID
HKCR\CLSID\{8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A}\TypeLib
HKCR\CLSID\{8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A}\VersionIndependentProgID
HKCR\CLSID\{8EE6BF73-B370-4d13-9126-EB0071178F2E}
HKCR\CLSID\{8EE6BF73-B370-4d13-9126-EB0071178F2E}#AppID
HKCR\CLSID\{8EE6BF73-B370-4d13-9126-EB0071178F2E}\LocalServer32
HKCR\CLSID\{8EE6BF73-B370-4d13-9126-EB0071178F2E}\LocalServer32#ThreadingModel
HKCR\CLSID\{8EE6BF73-B370-4d13-9126-EB0071178F2E}\ProgID
HKCR\CLSID\{8EE6BF73-B370-4d13-9126-EB0071178F2E}\TypeLib
HKCR\CLSID\{8EE6BF73-B370-4d13-9126-EB0071178F2E}\VersionIndependentProgID
HKCR\CLSID\{97F56E12-C706-4aeb-9FFB-133C05EE5D38}
HKCR\CLSID\{97F56E12-C706-4aeb-9FFB-133C05EE5D38}#AppID
HKCR\CLSID\{97F56E12-C706-4aeb-9FFB-133C05EE5D38}\LocalServer32
HKCR\CLSID\{97F56E12-C706-4aeb-9FFB-133C05EE5D38}\LocalServer32#ThreadingModel
HKCR\CLSID\{97F56E12-C706-4aeb-9FFB-133C05EE5D38}\ProgID
HKCR\CLSID\{97F56E12-C706-4aeb-9FFB-133C05EE5D38}\Programmable
HKCR\CLSID\{97F56E12-C706-4aeb-9FFB-133C05EE5D38}\TypeLib
HKCR\CLSID\{97F56E12-C706-4aeb-9FFB-133C05EE5D38}\VersionIndependentProgID
HKCR\CLSID\{9BB7E700-4E48-476d-B75C-6F47606BE988}
HKCR\CLSID\{9BB7E700-4E48-476d-B75C-6F47606BE988}#AppID
HKCR\CLSID\{9BB7E700-4E48-476d-B75C-6F47606BE988}\LocalServer32
HKCR\CLSID\{9BB7E700-4E48-476d-B75C-6F47606BE988}\LocalServer32#ThreadingModel
HKCR\CLSID\{9BB7E700-4E48-476d-B75C-6F47606BE988}\ProgID
HKCR\CLSID\{9BB7E700-4E48-476d-B75C-6F47606BE988}\TypeLib
HKCR\CLSID\{9BB7E700-4E48-476d-B75C-6F47606BE988}\VersionIndependentProgID
HKCR\CLSID\{CBCACA58-1AEE-4600-8CF0-E8B30BFF1535}
HKCR\CLSID\{CBCACA58-1AEE-4600-8CF0-E8B30BFF1535}#AppID
HKCR\CLSID\{CBCACA58-1AEE-4600-8CF0-E8B30BFF1535}\LocalServer32
HKCR\CLSID\{CBCACA58-1AEE-4600-8CF0-E8B30BFF1535}\ProgID
HKCR\CLSID\{CBCACA58-1AEE-4600-8CF0-E8B30BFF1535}\Programmable
HKCR\CLSID\{CBCACA58-1AEE-4600-8CF0-E8B30BFF1535}\TypeLib
HKCR\CLSID\{CBCACA58-1AEE-4600-8CF0-E8B30BFF1535}\VersionIndependentProgID
HKCR\CLSID\{D6D64CDF-0363-4261-B723-29A3AF365E1D}
HKCR\CLSID\{D6D64CDF-0363-4261-B723-29A3AF365E1D}#AppID
HKCR\CLSID\{D6D64CDF-0363-4261-B723-29A3AF365E1D}\LocalServer32
HKCR\CLSID\{D6D64CDF-0363-4261-B723-29A3AF365E1D}\LocalServer32#ThreadingModel
HKCR\CLSID\{D6D64CDF-0363-4261-B723-29A3AF365E1D}\ProgID
HKCR\CLSID\{D6D64CDF-0363-4261-B723-29A3AF365E1D}\TypeLib
HKCR\CLSID\{D6D64CDF-0363-4261-B723-29A3AF365E1D}\VersionIndependentProgID
HKCR\TypeLib\{60F94D7D-563E-4942-B5EC-2DE9C135C139}
HKCR\TypeLib\{60F94D7D-563E-4942-B5EC-2DE9C135C139}\1.0
HKCR\TypeLib\{60F94D7D-563E-4942-B5EC-2DE9C135C139}\1.0\0
HKCR\TypeLib\{60F94D7D-563E-4942-B5EC-2DE9C135C139}\1.0\0\win32
HKCR\TypeLib\{60F94D7D-563E-4942-B5EC-2DE9C135C139}\1.0\FLAGS
HKCR\TypeLib\{60F94D7D-563E-4942-B5EC-2DE9C135C139}\1.0\HELPDIR
HKCR\Interface\{27ED4AC2-B6D8-4079-9831-017A100B391E}
HKCR\Interface\{27ED4AC2-B6D8-4079-9831-017A100B391E}\ProxyStubClsid
HKCR\Interface\{27ED4AC2-B6D8-4079-9831-017A100B391E}\ProxyStubClsid32
HKCR\Interface\{27ED4AC2-B6D8-4079-9831-017A100B391E}\TypeLib
HKCR\Interface\{27ED4AC2-B6D8-4079-9831-017A100B391E}\TypeLib#Version
HKCR\Interface\{3F6D6C35-FB73-45E6-9473-BB4CC25CE019}
HKCR\Interface\{3F6D6C35-FB73-45E6-9473-BB4CC25CE019}\ProxyStubClsid
HKCR\Interface\{3F6D6C35-FB73-45E6-9473-BB4CC25CE019}\ProxyStubClsid32
HKCR\Interface\{3F6D6C35-FB73-45E6-9473-BB4CC25CE019}\TypeLib
HKCR\Interface\{3F6D6C35-FB73-45E6-9473-BB4CC25CE019}\TypeLib#Version
HKCR\Interface\{715D709B-2B10-42FA-A069-297D25D93601}
HKCR\Interface\{715D709B-2B10-42FA-A069-297D25D93601}\ProxyStubClsid
HKCR\Interface\{715D709B-2B10-42FA-A069-297D25D93601}\ProxyStubClsid32
HKCR\Interface\{715D709B-2B10-42FA-A069-297D25D93601}\TypeLib
HKCR\Interface\{715D709B-2B10-42FA-A069-297D25D93601}\TypeLib#Version
HKCR\Interface\{872C1B1E-3CF0-4D3A-95E5-A0C662D2854C}
HKCR\Interface\{872C1B1E-3CF0-4D3A-95E5-A0C662D2854C}\ProxyStubClsid
HKCR\Interface\{872C1B1E-3CF0-4D3A-95E5-A0C662D2854C}\ProxyStubClsid32
HKCR\Interface\{872C1B1E-3CF0-4D3A-95E5-A0C662D2854C}\TypeLib
HKCR\Interface\{872C1B1E-3CF0-4D3A-95E5-A0C662D2854C}\TypeLib#Version
HKCR\Interface\{886B1D08-B404-40F0-AA18-4E416682A2E9}
HKCR\Interface\{886B1D08-B404-40F0-AA18-4E416682A2E9}\ProxyStubClsid
HKCR\Interface\{886B1D08-B404-40F0-AA18-4E416682A2E9}\ProxyStubClsid32
HKCR\Interface\{886B1D08-B404-40F0-AA18-4E416682A2E9}\TypeLib
HKCR\Interface\{886B1D08-B404-40F0-AA18-4E416682A2E9}\TypeLib#Version
HKCR\Interface\{8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB}
HKCR\Interface\{8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB}\ProxyStubClsid
HKCR\Interface\{8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB}\ProxyStubClsid32
HKCR\Interface\{8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB}\TypeLib
HKCR\Interface\{8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB}\TypeLib#Version
HKCR\Interface\{925B0211-A1C1-4712-8FCA-5F5B8101736D}
HKCR\Interface\{925B0211-A1C1-4712-8FCA-5F5B8101736D}\ProxyStubClsid
HKCR\Interface\{925B0211-A1C1-4712-8FCA-5F5B8101736D}\ProxyStubClsid32
HKCR\Interface\{925B0211-A1C1-4712-8FCA-5F5B8101736D}\TypeLib
HKCR\Interface\{925B0211-A1C1-4712-8FCA-5F5B8101736D}\TypeLib#Version
HKCR\Interface\{B01E37C4-5497-4D58-9FFD-D5653B8DC866}
HKCR\Interface\{B01E37C4-5497-4D58-9FFD-D5653B8DC866}\ProxyStubClsid
HKCR\Interface\{B01E37C4-5497-4D58-9FFD-D5653B8DC866}\ProxyStubClsid32
HKCR\Interface\{B01E37C4-5497-4D58-9FFD-D5653B8DC866}\TypeLib
HKCR\Interface\{B01E37C4-5497-4D58-9FFD-D5653B8DC866}\TypeLib#Version
HKCR\Interface\{CCAA201C-C48D-48A8-A1E8-846562CBF1C1}
HKCR\Interface\{CCAA201C-C48D-48A8-A1E8-846562CBF1C1}\ProxyStubClsid
HKCR\Interface\{CCAA201C-C48D-48A8-A1E8-846562CBF1C1}\ProxyStubClsid32
HKCR\Interface\{CCAA201C-C48D-48A8-A1E8-846562CBF1C1}\TypeLib
HKCR\Interface\{CCAA201C-C48D-48A8-A1E8-846562CBF1C1}\TypeLib#Version
HKCR\Interface\{D483521B-D5CC-43FF-A45A-9BE4A8E6606E}
HKCR\Interface\{D483521B-D5CC-43FF-A45A-9BE4A8E6606E}\ProxyStubClsid
HKCR\Interface\{D483521B-D5CC-43FF-A45A-9BE4A8E6606E}\ProxyStubClsid32
HKCR\Interface\{D483521B-D5CC-43FF-A45A-9BE4A8E6606E}\TypeLib
HKCR\Interface\{D483521B-D5CC-43FF-A45A-9BE4A8E6606E}\TypeLib#Version
HKCR\Interface\{ED2AFF47-B7BE-4273-A203-C796E87F72D2}
HKCR\Interface\{ED2AFF47-B7BE-4273-A203-C796E87F72D2}\ProxyStubClsid
HKCR\Interface\{ED2AFF47-B7BE-4273-A203-C796E87F72D2}\ProxyStubClsid32
HKCR\Interface\{ED2AFF47-B7BE-4273-A203-C796E87F72D2}\TypeLib
HKCR\Interface\{ED2AFF47-B7BE-4273-A203-C796E87F72D2}\TypeLib#Version
HKCR\Interface\{F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E}
HKCR\Interface\{F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E}\ProxyStubClsid
HKCR\Interface\{F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E}\ProxyStubClsid32
HKCR\Interface\{F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E}\TypeLib
HKCR\Interface\{F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E}\TypeLib#Version
HKCR\Interface\{F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF}
HKCR\Interface\{F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF}\ProxyStubClsid
HKCR\Interface\{F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF}\ProxyStubClsid32
HKCR\Interface\{F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF}\TypeLib
HKCR\Interface\{F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF}\TypeLib#Version
HKCR\Interface\{FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA}
HKCR\Interface\{FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA}\ProxyStubClsid
HKCR\Interface\{FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA}\ProxyStubClsid32
HKCR\Interface\{FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA}\TypeLib
HKCR\Interface\{FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA}\TypeLib#Version
HKCR\Interface\{FDDF521B-0EBE-4D15-838C-73E2D851161B}
HKCR\Interface\{FDDF521B-0EBE-4D15-838C-73E2D851161B}\ProxyStubClsid
HKCR\Interface\{FDDF521B-0EBE-4D15-838C-73E2D851161B}\ProxyStubClsid32
HKCR\Interface\{FDDF521B-0EBE-4D15-838C-73E2D851161B}\TypeLib
HKCR\Interface\{FDDF521B-0EBE-4D15-838C-73E2D851161B}\TypeLib#Version
HKCR\Interface\{FF609434-EB47-481B-BA0E-1D2B467629A5}
HKCR\Interface\{FF609434-EB47-481B-BA0E-1D2B467629A5}\ProxyStubClsid
HKCR\Interface\{FF609434-EB47-481B-BA0E-1D2B467629A5}\ProxyStubClsid32
HKCR\Interface\{FF609434-EB47-481B-BA0E-1D2B467629A5}\TypeLib
HKCR\Interface\{FF609434-EB47-481B-BA0E-1D2B467629A5}\TypeLib#Version
HKCR\AppId\Cerberus.EXE
HKCR\AppId\Cerberus.EXE#AppID

Trojan.Media-Codec
C:\Documents and Settings\Lifeline\Favorites\Online Security Test.url

Adware.180solutions/Seekmo
HKU\S-1-5-21-4234981574-39719586-4263454222-1007\Software\seekmo
HKLM\Software\seekmo
HKLM\Software\seekmo#cvf
HKLM\Software\seekmo#install_embedded
HKLM\Software\seekmo#umt
HKLM\Software\seekmo#duid
HKLM\Software\seekmo#partner_id
HKLM\Software\seekmo#product_id
C:\Program Files\Seekmo\seekmoau.dat
C:\Program Files\Seekmo\seekmo_gdf.dat
C:\Program Files\Seekmo\seekmo_kyf.dat
C:\Program Files\Seekmo
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo Search Assistant\Seekmo Customer Support.url
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo Search Assistant\Seekmo.com.url
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo Search Assistant\Uninstall Seekmo Instructions.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo Search Assistant

Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId

Trojan.Media-Codec/V4
HKCR\videoPl.chl
HKCR\videoPl.chl\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#Publisher

Rogue.AntiSpyKit
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\cnreqoyLmwnuv
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\crrmlfrwzfxhg
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\gizbuobfa
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\InprocServer32
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\KIcbv
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\nfjRol
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\rDkSqA

Rogue.VirusHeat
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\hwuhrcdfh
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\hxgfzhjfHrx
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32#ThreadingModel
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\iTzlTI
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\nMnkE
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\OufPqTb
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\sBnix
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\uAEeiihPke
HKCR\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}
HKCR\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}\1.0
HKCR\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}\1.0\0
HKCR\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}\1.0\0\win32
HKCR\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}\1.0\FLAGS
HKCR\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}\1.0\HELPDIR
HKCR\Interface\{0EC085A8-9818-43B7-B975-EC7555EDA4D2}
HKCR\Interface\{0EC085A8-9818-43B7-B975-EC7555EDA4D2}\ProxyStubClsid
HKCR\Interface\{0EC085A8-9818-43B7-B975-EC7555EDA4D2}\ProxyStubClsid32
HKCR\Interface\{0EC085A8-9818-43B7-B975-EC7555EDA4D2}\TypeLib
HKCR\Interface\{0EC085A8-9818-43B7-B975-EC7555EDA4D2}\TypeLib#Version
HKCR\Interface\{1A74C41C-0837-4FBE-BA50-621EB70F01CE}
HKCR\Interface\{1A74C41C-0837-4FBE-BA50-621EB70F01CE}\ProxyStubClsid
HKCR\Interface\{1A74C41C-0837-4FBE-BA50-621EB70F01CE}\ProxyStubClsid32
HKCR\Interface\{1A74C41C-0837-4FBE-BA50-621EB70F01CE}\TypeLib
HKCR\Interface\{1A74C41C-0837-4FBE-BA50-621EB70F01CE}\TypeLib#Version
HKCR\Interface\{25297614-1B76-4C2C-82C6-62738AA0E8F0}
HKCR\Interface\{25297614-1B76-4C2C-82C6-62738AA0E8F0}\ProxyStubClsid
HKCR\Interface\{25297614-1B76-4C2C-82C6-62738AA0E8F0}\ProxyStubClsid32
HKCR\Interface\{25297614-1B76-4C2C-82C6-62738AA0E8F0}\TypeLib
HKCR\Interface\{25297614-1B76-4C2C-82C6-62738AA0E8F0}\TypeLib#Version
HKCR\Interface\{37F89457-1208-4670-9245-58C62BD6D870}
HKCR\Interface\{37F89457-1208-4670-9245-58C62BD6D870}\ProxyStubClsid
HKCR\Interface\{37F89457-1208-4670-9245-58C62BD6D870}\ProxyStubClsid32
HKCR\Interface\{37F89457-1208-4670-9245-58C62BD6D870}\TypeLib
HKCR\Interface\{37F89457-1208-4670-9245-58C62BD6D870}\TypeLib#Version
HKCR\Interface\{45477032-ABD0-454D-9CE4-EA34C10322F8}
HKCR\Interface\{45477032-ABD0-454D-9CE4-EA34C10322F8}\ProxyStubClsid
HKCR\Interface\{45477032-ABD0-454D-9CE4-EA34C10322F8}\ProxyStubClsid32
HKCR\Interface\{45477032-ABD0-454D-9CE4-EA34C10322F8}\TypeLib
HKCR\Interface\{45477032-ABD0-454D-9CE4-EA34C10322F8}\TypeLib#Version
HKCR\Interface\{69E34747-0B27-4B30-AE20-1023BF29E246}
HKCR\Interface\{69E34747-0B27-4B30-AE20-1023BF29E246}\ProxyStubClsid
HKCR\Interface\{69E34747-0B27-4B30-AE20-1023BF29E246}\ProxyStubClsid32
HKCR\Interface\{69E34747-0B27-4B30-AE20-1023BF29E246}\TypeLib
HKCR\Interface\{69E34747-0B27-4B30-AE20-1023BF29E246}\TypeLib#Version
HKCR\Interface\{79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7}
HKCR\Interface\{79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7}\ProxyStubClsid
HKCR\Interface\{79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7}\ProxyStubClsid32
HKCR\Interface\{79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7}\TypeLib
HKCR\Interface\{79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7}\TypeLib#Version
HKCR\Interface\{7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D}
HKCR\Interface\{7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D}\ProxyStubClsid
HKCR\Interface\{7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D}\ProxyStubClsid32
HKCR\Interface\{7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D}\TypeLib
HKCR\Interface\{7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D}\TypeLib#Version
HKCR\Interface\{7EBB34CF-1728-4136-A968-48F231DAD1B4}
HKCR\Interface\{7EBB34CF-1728-4136-A968-48F231DAD1B4}\ProxyStubClsid
HKCR\Interface\{7EBB34CF-1728-4136-A968-48F231DAD1B4}\ProxyStubClsid32
HKCR\Interface\{7EBB34CF-1728-4136-A968-48F231DAD1B4}\TypeLib
HKCR\Interface\{7EBB34CF-1728-4136-A968-48F231DAD1B4}\TypeLib#Version
HKCR\Interface\{88DAA291-B413-4C46-B378-3BE66F65369E}
HKCR\Interface\{88DAA291-B413-4C46-B378-3BE66F65369E}\ProxyStubClsid
HKCR\Interface\{88DAA291-B413-4C46-B378-3BE66F65369E}\ProxyStubClsid32
HKCR\Interface\{88DAA291-B413-4C46-B378-3BE66F65369E}\TypeLib
HKCR\Interface\{88DAA291-B413-4C46-B378-3BE66F65369E}\TypeLib#Version
HKCR\Interface\{936A2F4A-53F8-4D2F-92AA-2F9DE889841C}
HKCR\Interface\{936A2F4A-53F8-4D2F-92AA-2F9DE889841C}\ProxyStubClsid
HKCR\Interface\{936A2F4A-53F8-4D2F-92AA-2F9DE889841C}\ProxyStubClsid32
HKCR\Interface\{936A2F4A-53F8-4D2F-92AA-2F9DE889841C}\TypeLib
HKCR\Interface\{936A2F4A-53F8-4D2F-92AA-2F9DE889841C}\TypeLib#Version
HKCR\Interface\{AFCC3FA7-82A9-42D5-A405-78711E97A5D6}
HKCR\Interface\{AFCC3FA7-82A9-42D5-A405-78711E97A5D6}\ProxyStubClsid
HKCR\Interface\{AFCC3FA7-82A9-42D5-A405-78711E97A5D6}\ProxyStubClsid32
HKCR\Interface\{AFCC3FA7-82A9-42D5-A405-78711E97A5D6}\TypeLib
HKCR\Interface\{AFCC3FA7-82A9-42D5-A405-78711E97A5D6}\TypeLib#Version
HKCR\Interface\{CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF}
HKCR\Interface\{CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF}\ProxyStubClsid
HKCR\Interface\{CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF}\ProxyStubClsid32
HKCR\Interface\{CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF}\TypeLib
HKCR\Interface\{CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF}\TypeLib#Version
HKCR\Interface\{E80114AA-6653-4952-9E97-5F1DC63BEE0F}
HKCR\Interface\{E80114AA-6653-4952-9E97-5F1DC63BEE0F}\ProxyStubClsid
HKCR\Interface\{E80114AA-6653-4952-9E97-5F1DC63BEE0F}\ProxyStubClsid32
HKCR\Interface\{E80114AA-6653-4952-9E97-5F1DC63BEE0F}\TypeLib
HKCR\Interface\{E80114AA-6653-4952-9E97-5F1DC63BEE0F}\TypeLib#Version
HKCR\Interface\{F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9}
HKCR\Interface\{F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9}\ProxyStubClsid
HKCR\Interface\{F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9}\ProxyStubClsid32
HKCR\Interface\{F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9}\TypeLib
HKCR\Interface\{F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9}\TypeLib#Version
HKCR\Interface\{FCA3958A-8D38-4D14-8B81-CCD7F68A8A01}
HKCR\Interface\{FCA3958A-8D38-4D14-8B81-CCD7F68A8A01}\ProxyStubClsid
HKCR\Interface\{FCA3958A-8D38-4D14-8B81-CCD7F68A8A01}\ProxyStubClsid32
HKCR\Interface\{FCA3958A-8D38-4D14-8B81-CCD7F68A8A01}\TypeLib
HKCR\Interface\{FCA3958A-8D38-4D14-8B81-CCD7F68A8A01}\TypeLib#Version

Trojan.Media-Codec/V5
HKU\S-1-5-21-4234981574-39719586-4263454222-1007\Software\NetProject
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing#UninstallString

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
  #5  
Old 27th Oct 2008, 08:59
Member Group
 
Posts: 27
Default Infected With Heur.trojan.generic Please Help

Malwarebytes' Anti-Malware 1.30
Database version: 1310
Windows 5.1.2600 Service Pack 2

10/23/2008 12:24:55 PM
mbam-log-2008-10-23 (12-24-55).txt

Scan type: Quick Scan
Objects scanned: 52051
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 7
Registry Keys Infected: 124
Registry Values Infected: 15
Registry Data Items Infected: 2
Folders Infected: 6
Files Infected: 56

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lptjntqu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMghecb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pnswwf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rqRiJAst.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\emufbyex.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dwolhm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cryptuik.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06ef2cab-3340-4eb1-a740-c33ac922fa1f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{06ef2cab-3340-4eb1-a740-c33ac922fa1f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ad7fc7f-1fe1-4414-9ac5-ec51457528e4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrijast (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9ad7fc7f-1fe1-4414-9ac5-ec51457528e4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c54c47-9d3c-40f3-baf6-2443d2941e84} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jvkuajdi (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b8c54c47-9d3c-40f3-baf6-2443d2941e84} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8a09740-1b82-4f12-8249-39844419ed2d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c8a09740-1b82-4f12-8249-39844419ed2d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ad7fc7f-1fe1-4414-9ac5-ec51457528e4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06ef2cab-3340-4eb1-a740-c33ac922fa1f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8a09740-1b82-4f12-8249-39844419ed2d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.enginelistener (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.enginelistener.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.scanner (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.scanner.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.threatcollection (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.threatcollection.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.backup (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.backup.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.ignorelist (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.ignorelist.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.log (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.log.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.logrecord (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.logrecord.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.paths (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.paths.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.quarantine (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.quarantine.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.runas (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.runas.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.searchitem (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.searchitem.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.threat (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.threat.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ec085a8-9818-43b7-b975-ec7555eda4d2} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a74c41c-0837-4fbe-ba50-621eb70f01ce} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{25297614-1b76-4c2c-82c6-62738aa0e8f0} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{27ed4ac2-b6d8-4079-9831-017a100b391e} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37f89457-1208-4670-9245-58c62bd6d870} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3f6d6c35-fb73-45e6-9473-bb4cc25ce019} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{45477032-abd0-454d-9ce4-ea34c10322f8} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{69e34747-0b27-4b30-ae20-1023bf29e246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{715d709b-2b10-42fa-a069-297d25d93601} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{79be5b3b-80b2-4b77-a042-efc90f6e0de7} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7c0ec6bf-81b9-4fe0-9447-4ed29a36bf5d} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7ebb34cf-1728-4136-a968-48f231dad1b4} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{872c1b1e-3cf0-4d3a-95e5-a0c662d2854c} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{886b1d08-b404-40f0-aa18-4e416682a2e9} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{88daa291-b413-4c46-b378-3be66f65369e} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8b5f65cf-0b0a-4291-8da2-86d7f7b0a6db} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{925b0211-a1c1-4712-8fca-5f5b8101736d} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{936a2f4a-53f8-4d2f-92aa-2f9de889841c} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{afcc3fa7-82a9-42d5-a405-78711e97a5d6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b01e37c4-5497-4d58-9ffd-d5653b8dc866} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cc05a4a3-7b28-488f-ab02-6aaedb86accf} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ccaa201c-c48d-48a8-a1e8-846562cbf1c1} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d483521b-d5cc-43ff-a45a-9be4a8e6606e} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e80114aa-6653-4952-9e97-5f1dc63bee0f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ed2aff47-b7be-4273-a203-c796e87f72d2} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0fa7ed9-5a0a-4374-b63e-bebafd52192e} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f5dee77c-87eb-4e00-bbf9-8cbf3bdea7af} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f9109a2a-432b-4add-a6fa-06ba22dcd2d9} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fb5ddab7-6aa5-4e97-9541-5a75addf4aba} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fca3958a-8d38-4d14-8b81-ccd7f68a8a01} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fddf521b-0ebe-4d15-838c-73e2d851161b} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ff609434-eb47-481b-ba0e-1d2b467629a5} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6743c36c-cbfe-11db-9705-005056c00008} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{020b1227-417d-4682-9ac3-61f43cb5b6b1} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{125494b2-acad-414c-98b9-452f3ef7703a} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3d00a39c-655b-428b-aeb2-2fba03dcc49c} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{408f660a-9465-44a3-b557-8709dfd992bc} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ee6bf73-b370-4d13-9126-eb0071178f2e} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{97f56e12-c706-4aeb-9ffb-133c05ee5d38} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9bb7e700-4e48-476d-b75c-6f47606be988} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cbcaca58-1aee-4600-8cf0-e8b30bff1535} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d6d64cdf-0363-4261-b723-29a3af365e1d} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{60f94d7d-563e-4942-b5ec-2de9c135c139} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cbd02e9b-37ef-47d2-96b0-3abbb2eb92bf} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{70f17c8c-1744-41b6-9d07-575db448dcc5} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\7c673a5b8 71b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6743c36c-cbfe-11db-9705-005056c00008} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jqvxedzb (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\jqvxedzb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jqvxedzb (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8c54c47-9d3c-40f3-baf6-2443d2941e84} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Cerberus.EXE (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b0c087c0 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9ad7fc7f-1fe1-4414-9ac5-ec51457528e4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\adwarealert\filterdrv\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\start menu\programs\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomghecb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomghecb -> Delete on reboot.

Folders Infected:
C:\Program Files\Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\qoMghecb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bcehgMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bcehgMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRiJAst.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\cryptuik.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dwolhm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\evhuoman.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\namouhve.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lptjntqu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uqtnjtpl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnswwf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\emufbyex.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Common\_helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{AD4149B3-56B1-4E2A-A8A4-54FF9DE92C87}\Icon.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywpnxpys.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cwokkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cypdyp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhebaasf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fdbgbvkj.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mpasahjl.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sznqnj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuuwnrfb.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opcapbye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\plljru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tgycffmw.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blukkoij.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bxdiyfrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftvwbfjg.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vgrksjuc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulmxavjt.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Local Settings\Temporary Internet Files\Content.IE5\LMQL183J\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\seekmoau.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\seekmo_gdf.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\seekmo_kyf.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AppCert\filter.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AppCert\options.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert on the Web.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 19 - 03_00_00 AM_625.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 19 - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 20 - 03_00_00 AM_609.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 20 - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 21 - 03_00_00 AM_484.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 21 - 03_00_01 AM_203.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 22 - 03_00_00 AM_250.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 22 - 03_00_00 AM_562.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 23 - 03_00_00 AM_281.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 23 - 03_00_00 AM_640.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 23 - 11_06_53 AM_968.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 23 - 11_12_02 AM_000.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
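The Malwarebytes log above is worth reading for more than its item count: the two "Registry Data Items" under Control\LSA show the Vundo module registered as an LSA notification and authentication package, which means it is loaded into lsass.exe at boot, and every entry marked "Delete on reboot" is one the scanner could not remove while that module was resident. The following script is an added example (not part of the original post and not Malwarebytes code) that parses detection lines in this log format, pulls out those two facts, and compares the LSA package names against a baseline. The baseline of default package names and the sample lines (a subset of the posted log with the forum's word-wrap spaces removed) are assumptions constructed for the example.

```python
"""Triage of a Malwarebytes (MBAM) removal log like the one posted above.

Added example, not part of the original post or of Malwarebytes: it parses the
log's detection lines, tags each with its section, lists what is still pending
a reboot, and flags LSA package modules that are not on a baseline allowlist.
"""
import re
from collections import Counter

# Assumed Windows XP defaults for the two LSA values Vundo abused here.
# On a real host, compare against a known-good image of the same build.
LSA_BASELINE = {
    "notification packages": {"scecli"},
    "authentication packages": {"msv1_0"},
}

# One detection line: <key or path> (<family>) [-> Data: <value>] -> <action>.
ENTRY_RE = re.compile(
    r"^(?P<key>.+?) \((?P<family>[^()]+)\)"
    r"(?: -> Data: (?P<data>.+?))?"
    r" -> (?P<action>Quarantined and deleted successfully|Delete on reboot)\.?$"
)

# Constructed sample: a subset of the posted log with the forum's
# word-wrap spaces removed so the registry paths are intact.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jqvxedzb (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomghecb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomghecb -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\qoMghecb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bcehgMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""


def parse_mbam(log_text):
    """Return one dict per detection line, tagged with its section header."""
    entries, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(" Infected:"):
            section = line[: -len(" Infected:")]
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["section"] = section
            entries.append(entry)
    return entries


def lsa_anomalies(entries):
    """(value name, module) pairs for LSA package data not in the baseline.

    A module registered here is loaded into lsass.exe at boot; a DLL that is
    mapped into a running lsass.exe cannot be deleted in place, which is
    consistent with the 'Delete on reboot' outcomes in the log.
    """
    found = []
    for e in entries:
        if e["section"] != "Registry Data Items" or not e["data"]:
            continue
        parts = e["key"].split("\\")
        if len(parts) < 2 or parts[-2].lower() != "lsa":
            continue
        value = parts[-1].lower()
        module = e["data"].rsplit("\\", 1)[-1].lower()
        module = re.sub(r"\.dll$", "", module)  # these values store names without .dll
        if module not in LSA_BASELINE.get(value, set()):
            found.append((value, module))
    return found


def pending_reboot(entries):
    """Keys and files MBAM could not remove while the system was running."""
    return [e["key"] for e in entries if e["action"] == "Delete on reboot"]


def family_counts(entries):
    """How many detections per malware family, most common first."""
    return Counter(e["family"] for e in entries).most_common()


if __name__ == "__main__":
    found = parse_mbam(SAMPLE_LOG)
    print("LSA anomalies:", lsa_anomalies(found))
    print("Pending reboot:", pending_reboot(found))
    print("Families:", family_counts(found))
```

Run against the sample, `lsa_anomalies` reports `qomghecb` under both LSA values and `pending_reboot` lists the service key, the Authentication Packages value and the DLL itself; on a full log the same two calls are a quick way to see whether a reboot (and a follow-up scan) is still needed before declaring the machine clean.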
  #6  
Old 27th Oct 2008, 09:04
Moderator Group
 
Skill Level: Advanced
Posts: 7,136
Default Infected With Heur.trojan.generic Please Help

You are using two antivirus programs and two firewalls (security suites). Please uninstall one of them now, then post a fresh HijackThis log.
__________________

  #7  
Old 27th Oct 2008, 09:11
Member Group
 
Posts: 27
Default Infected With Heur.trojan.generic Please Help

Well, I have Kaspersky installed, so it's antivirus and firewall, and I'm guessing Windows Firewall is on.
I don't know what other antivirus I have installed; I'm not running anything else.
Can you be more specific?
  #8  
Old 27th Oct 2008, 09:17
Moderator Group
 
Skill Level: Advanced
Posts: 7,136
Default Infected With Heur.trojan.generic Please Help

Microsoft Windows OneCare Live is also an antivirus/firewall combination.
__________________

  #9  
Old 29th Oct 2008, 08:01
Member Group
 
Posts: 27
Default Infected With Heur.trojan.generic Please Help

OK, I looked, but OneCare is not installed; I had uninstalled it when I was installing Kaspersky.
Here is a new HijackThis log anyway.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:53 AM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Western Union\Universal-Release\Translink.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {3C1F44A9-D1FD-4AA5-BC66-69816B58680C} (Printer Class) - https://webcenter.ipponline.com/ippo...iptPrinter.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {6B0228D7-D6D5-4B97-82E7-79557E4314D0} (ScannerDll.CheckScanner) - https://webcenter.ipponline.com/ippo...ScannerDll.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O18 - Filter hijack: text/html - {59610584-cc18-436f-b031-a6893781f08d} - C:\WINDOWS\system32\msziptools.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll dwolhm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)

--
End of file - 6332 bytes
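Reading a HijackThis log by hand comes down to a few rules: an O18 "Filter hijack" on text/html means a DLL sits between Internet Explorer and every page it renders; a bare file name in the O20 AppInit_DLLs value is resolved through the DLL search path rather than a fixed location (the posted log carries `dwolhm.dll` that way, the same DLL Malwarebytes listed earlier as "Delete on reboot"); and an O23 service whose binary is "(file missing)" is an orphaned registration. The script below is an added example (not part of the original post and not HijackThis code) that applies those three rules to a constructed sample, a subset of the posted log with the forum's word-wrap spaces removed, and then emits the same `sc stop` / `sc delete` pairs for orphaned services that the batch file later in the thread uses. The rule names and the sample are assumptions made for this example.

```python
"""Triage of a HijackThis log, as posted in this thread.

Added example, not part of the original post or of HijackThis: three rules a
helper applies by eye, plus the 'sc' command pairs for orphaned services.
"""
import re

# Constructed sample: a subset of the posted log, word-wrap spaces removed.
SAMPLE_HJT = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O18 - Filter hijack: text/html - {59610584-cc18-436f-b031-a6893781f08d} - C:\WINDOWS\system32\msziptools.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll dwolhm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
"""

SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
FILTER_RE = re.compile(r"^O18 - Filter hijack: (?P<mime>\S+) - \{[^}]+\} - (?P<path>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.+)$")


def triage_hjt(log_text):
    """Return the lines worth a second look, each with the rule that fired."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := FILTER_RE.match(line)):
            # A MIME filter on text/html sees, and can rewrite, every page IE renders.
            flagged.append({"line": line, "rule": "mime-filter",
                            "detail": f"{m['mime']} filtered by {m['path']}"})
        elif (m := APPINIT_RE.match(line)):
            # AppInit_DLLs load into every user-mode process that links user32.dll.
            # A bare file name is resolved through the DLL search path, which lets
            # a module hide among the legitimate full-path entries.
            for module in re.split(r"[,\s]+", m["value"]):
                if module and "\\" not in module:
                    flagged.append({"line": line, "rule": "appinit-bare-name",
                                    "detail": module})
        elif (m := SERVICE_RE.match(line)):
            if m["missing"]:
                # A registered service whose binary is gone is an orphan: a bad
                # uninstall, or a removed component the registry still points at.
                flagged.append({"line": line, "rule": "orphan-service",
                                "detail": m["name"]})
    return flagged


def service_cleanup_commands(flagged):
    """The 'sc' pairs the thread's batch file uses, one pair per orphaned service."""
    cmds = []
    for f in flagged:
        if f["rule"] == "orphan-service":
            cmds.append(f'sc stop "{f["detail"]}"')
            cmds.append(f'sc delete "{f["detail"]}"')
    return cmds


if __name__ == "__main__":
    hits = triage_hjt(SAMPLE_HJT)
    for h in hits:
        print(f"[{h['rule']}] {h['detail']}")
    print("\n".join(service_cleanup_commands(hits)))
```

On the sample this flags the msziptools.dll filter, the bare `dwolhm.dll` entry and the two OneCare services; the generated commands match the batch file the moderator posts next, and the "(file missing)" check is the reason those two services are safe to deregister rather than investigate further.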
  #10  
Old 29th Oct 2008, 09:55
Moderator Group
 
Skill Level: Advanced
Posts: 7,136
Default Infected With Heur.trojan.generic Please Help

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O18 - Filter hijack: text/html - {59610584-cc18-436f-b031-a6893781f08d} - C:\WINDOWS\system32\msziptools.dll
- O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
- O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)


Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code:
@ECHO OFF
REM Stop and deregister the two OneCare services whose binaries the
REM HijackThis log shows as "(file missing)".
sc stop "msfwsvc"
sc delete "msfwsvc"
sc stop "OneCareMP"
sc delete "OneCareMP"
exit
In Notepad select File and Save as
Choose the Desktop as the save location and, for the file name, type in fixme.bat, making sure that the Save as type field says All files.

Next double click fixservice.bat to run it.
A black box should open and close after a short time; this is normal.
Do not continue until the black box has closed.
Delete fixservice.bat from the Desktop.

----------

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\Program Files\Microsoft Windows OneCare Live
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

----------

Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.

For Windows XP Systems install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.

When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________

Copyright ©2006 - 2009 Computer Juice.
