Alrighty then.....
Here's the log from CFScript after it was run through ComboFix:
ComboFix 07-09-18 - "Dottie Sisley" 2007-09-19 12:33:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.184 [GMT -4:00]
* Created a new restore point
FILE::
C:\WINDOWS\system32\qeubrqxr.dll
C:\WINDOWS\system32\msdsrngn.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon
C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\log.txt
C:\Program Files\NoAdware5.0
C:\Program Files\NoAdware5.0\noadware4_010907.na
C:\Program Files\NoAdware5.0\NoAdware5.exe
C:\Program Files\NoAdware5.0\nutils.dll
C:\Program Files\NoAdware5.0\unins000.dat
C:\Program Files\NoAdware5.0\unins000.exe
C:\Program Files\WinAble
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\WINDOWS\RG90dGllIFNpc2xleQ
C:\WINDOWS\RG90dGllIFNpc2xleQ\l36Xx355KIhDwZU5yk.vbs
C:\WINDOWS\system32\qeubrqxr.dll
C:\WINDOWS\system32\rxqrbueq.ini
.
((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.
2007-09-19 10:27 <DIR> d-------- C:\Program Files\iWin.com
2007-09-17 16:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 15:02 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-14 12:42 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-14 11:28 <DIR> d-------- C:\Program Files\TrojanHunter 4.0
2007-09-14 08:19 <DIR> d-------- C:\Program Files\bfgclient
2007-09-13 12:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 12:36 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-09-19 10:47 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-14 15:11 --------- d-------- C:\DOCUME~1\DOTTIE~1\APPLIC~1\My Games
2007-09-13 09:29 --------- d-------- C:\Program Files\QuickTime
2007-09-13 08:12 --------- d-------- C:\Program Files\Oracle
2007-09-12 15:18 --------- d-------- C:\Program Files\Games
2007-09-10 08:09 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
2007-09-07 14:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-08-31 13:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScreenSeven
2007-08-08 09:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Joyboost
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-07 09:16 --------- d-------- C:\Program Files\MSN Games
2007-08-02 09:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
2007-07-26 11:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friday's games
2007-07-19 07:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2006-07-18 10:15 774144 --a------ C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
2007-01-31 05:58 78848 --a------ C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 21:55]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"ToolExe"="c:\program files\dell\traytool.exe" [2003-04-18 14:45]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 21:41]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 15:07]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"THGuard"="C:\Program Files\TrojanHunter 4.0\THGuard.exe" [2004-09-02 14:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-11-10 09:26:23]
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-19 12:36:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-19 12:37:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-19 12:37
C:\ComboFix2.txt ... 2007-09-18 16:33
.
--- E O F ---
Here's the log from SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/19/2007 at 01:23 PM
Application Version : 3.9.1008
Core Rules Database Version : 3308
Trace Rules Database Version: 1314
Scan type : Complete Scan
Total Scan Time : 00:38:06
Memory items scanned : 372
Memory threats detected : 0
Registry items scanned : 5725
Registry threats detected : 9
File items scanned : 41088
File threats detected : 328
Adware.IWinGames
HKLM\Software\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32#ThreadingModel
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ProgID
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\Programmable
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\VersionIndependentProgID
C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}
C:\PROGRAM FILES\IWIN GAMES\IWINGAMESHOOKIE.DLL
Adware.Tracking Cookie
Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\QOOBOX\QUARANTINE\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NETINSTALLER.EXE.VIR
Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\RG90DGLLIFNPC2XLEQ\L36XX355KIHDWZU5YK.VBS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061730.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062020.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075141.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP640\A0076218.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077416.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077484.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077559.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP653\A0078108.VBS
Adware.eZula
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BIDSENBR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CGIWLUWF.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DFPRJXDI.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EFFPQQNU.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\GNVHJKOC.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IXUXFRWR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JSOVJGAM.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SHIOSHMC.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UHMPXIJD.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UYTGGTDT.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP643\A0077223.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077395.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077478.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077480.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077483.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077486.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077487.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077488.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077489.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077490.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077595.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077596.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077597.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077598.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077599.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077600.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077601.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077602.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077603.EXE
Trojan.Downloader-Gen/TStamp
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MYLHRDUI.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP641\A0076474.EXE
Adware.WebBuying-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP553\A0061651.EXE
Adware.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061704.CFG
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075130.CFG
Adware.ClickSpring-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061727.EXE
Adware.ClickSpring/Resident
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061728.DLL
Adware.ClickSpring
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061729.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063399.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP637\A0075102.EXE
Trojan.Downloader-WebBuying/PopEngine
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061735.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061930.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063422.DLL
Adware.SearchClickAds
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061749.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061750.EXE
Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061931.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061932.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0061974.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063414.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063423.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063425.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063429.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075148.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP639\A0075199.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP639\A0075200.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP639\A0076198.EXE
Adware.ZenoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062009.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062014.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063418.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063426.EXE
Trojan.Downloader-Gen/WinPop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062011.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063412.EXE
Trojan.ZenoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062013.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075131.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP641\A0076470.EXE
Adware.SysMon
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062017.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062025.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063428.EXE
Trojan.Downloader-VisFX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062019.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063421.EXE
Trojan.Downloader-Gen/BundleBase
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062026.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062040.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP573\A0063151.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063401.EXE
Trojan.Downloader-Gen/Blah
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062032.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077454.DLL
Trojan.WinAntiSpyware 2007
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062033.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075144.EXE
Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062038.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062039.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062052.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075147.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077447.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077448.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077449.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077451.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077452.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077453.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077455.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077457.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077473.DLL
Trojan.ZQuest
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063415.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075129.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077413.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077414.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077415.DLL
Adware.ZenoSearch-NVON
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075135.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP641\A0076469.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077475.EXE
Adware.WebBuying Assistant/Resident
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP639\A0075198.DLL
Trojan.Net-Wintouch/V2
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP641\A0076420.EXE
Adware.Adservs
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077496.EXE
And here's the latest HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:52 PM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\program files\dell\traytool.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\hello.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolExe] c:\program files\dell\traytool.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c6/v1 ... boax10.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - https://accounting.quickbooks.com/c6/v13.095/qboax8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33FE5D9A-D24D-457F-977A-62D8137B6792}: NameServer = 128.186.6.103,128.186.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{33FE5D9A-D24D-457F-977A-62D8137B6792}: NameServer = 128.186.6.103,128.186.8.8
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 5696 bytes
- and may I say I'm very glad all of this means something to you