************************
* WIN32DELFKIL LOGFILE *
************************
by Marckie
BEFORE RUNNING WIN32DELFKIL
***************************
File(s) found in Windows directory
----------------------------------
g27772921.dll
compstuic.dll
File(s) found in system32 folder
--------------------------------
Export SharedTaskScheduler key
------------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"
sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00605
---------------------------------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]
@="C:\\WINDOWS\\g27772921.dll"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InprocServer32]
@="C:\\WINDOWS\\g27772921.dll"
"ThreadingModel"="Apartment"
Notify key
----------
subkey cfgmngr32 is present!
AFTER RUNNING WIN32DELFKIL
**************************
File(s) found in Windows directory
----------------------------------
g27772921.dll
File(s) found in system32 folder
--------------------------------
Export SharedTaskScheduler key
------------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
Notify key
----------
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:21:36 PM 6/30/2006
+ Scan result:
C:\Documents and Settings\ross\Local Settings\Temporary Internet Files\Content.IE5\PIIEG51C\anti4[1].exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc100.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc101.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc102.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc103.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc104.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc105.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc106.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc107.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc108.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc109.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc110.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc111.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc112.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc113.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc114.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc115.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc116.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc117.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc97.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc98.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc99.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\Documents and Settings\ross\Local Settings\Temp\OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Y1123OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
:mozilla.432:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.435:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.436:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.437:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.634:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.600:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->
TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\ross\Local Settings\Temporary Internet Files\Content.IE5\0PQLI5W5\bgates[1].exe -> Trojan.Dialer.pz :
Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 12:27:46 PM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ross\My Documents\my shit\my downloads\hijackthis\HijackThis.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe