Multi problems. Virus, format, hardware
Bama7470
Suspended due to non-functional email address
12. October 2006 @ 20:04
*Deep breath*
Ok, here it goes. First, if this is in the wrong topic, I'm sorry. The problem started with viruses.
Second, my boyfriend is an idiot. He had absolutely no type of anti virus, spyware, malware, adware protection. Different scans gave me different numbers, but somewhere in the vicinity of 250 to 300 infections. Running win xp btw. So, I, in all my brilliance, decide to format. Seemed the easy way to get rid of it all. "Not so fast, my friend." It seems I have a virus or 13 that decided to erase all signs of my cd roms. It will detect in dos, well, when booting. I know. That should be it. However, when I put in the XP disk, it goes through loading some files, till I get a NEW blue screen. (as opposed to the old ME version.) It tells me something about something harming windows and that it was shut down for its own good. It tells me to run av program and checkdsk. Or something like that. Well, that's fine. I would LOVE to install some av on the $^&@ machine, but when I boot into windows regular OR safe mode, no cd roms. I'm stuck. I figure a well placed kick would help, but I know I would break my toe, and then I would REALLY be mad. Can someone help please? Or just tell me to stick some paper under it?

~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~
Senior Member
12. October 2006 @ 20:43
Hello Bama7470, welcome to Afterdawn. Let's see if we can find your problem/s.

Please download HijackThis from here.
Create a folder in C:\ named HjT.
Extract HijackThis to the new folder.
Open HijackThis.exe and click "Do a system scan and save a log file".
Copy/paste the log in your next reply.


Bama7470
12. October 2006 @ 21:11
Sorry this takes so long. I'm having to use a jumpdrive to go between computers. Here is log:

Logfile of HijackThis v1.99.1
Scan saved at 12:06:05 AM, on 10/13/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\pbgnm\shedtf.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\xfhimo.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\System32\icasServ.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\SWOD.exe
C:\WINDOWS\System32\087qua9h.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\prefs.js)
O2 - BHO: Bucket Class - {00000001-C003-4A2F-9142-7CB1D78DE6C1} - C:\WINDOWS\tct101.dll
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
O2 - BHO: (no name) - {542375E4-FE89-DF4E-639A-7D0873A7BDC4} - C:\WINDOWS\System32\cn4O2FlC.dll (file missing)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [s38U34T] winsink.exe
O4 - HKLM\..\Run: [shedtf] C:\WINDOWS\System32\pbgnm\shedtf.exe
O4 - HKLM\..\Run: [vqdcf] C:\WINDOWS\System32\wptgovu\vqdcf.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Smitty\LOCALS~1\Temp\lpmrgjq.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [icasServ] C:\WINDOWS\System32\icasServ.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SWOD] C:\WINDOWS\SWOD.exe
O4 - HKLM\..\Run: [087qua9h] C:\WINDOWS\System32\087qua9h.exe
O4 - HKLM\..\Run: [wbdcdrw] c:\windows\system32\dgrsrww.exe
O4 - HKLM\..\Run: [:C=e] C:\WINDOWS\SWOD.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\SWOD.exe
O4 - HKLM\..\Run: [rihqvv4p] C:\WINDOWS\System32\rihqvv4p.exe
O4 - HKLM\..\Run: [txcuxff] C:\WINDOWS\System32\xfhimo.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [inetcomm] C:\WINDOWS\System32\inetcomm.exe
O4 - HKCU\..\Run: [d0r8RQfng] txfnds.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nesunex.mht!http://adextension.com/ext1/ysa.chm::/ysb_regular.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nesunem.mht!http://adextension.com/ext1/mma.chm::/joysaver.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: PgtvilTpB - {542375DE-FE89-DF74-AA16-6C1C73A7BDC1} - C:\WINDOWS\System32\rfgae.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: shedtfpbgnm - Unknown owner - C:\WINDOWS\System32\pbgnm\shedtf.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

My, but you're busy. Thanks for helping.


~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~
Bama7470
12. October 2006 @ 21:30
I am not trying to bump, but yes, there are av on it now, but I didn't get it on there till MUCH too late. I would run some of them, and they would say it was clear, but I reboot comp, and voila, there the %$%$* they were again. It is NOT hooked up to the net now, I don't know if that will help any or not.

~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~
Senior Member
12. October 2006 @ 23:31
Oh my! Where to start? :)

Windows needs SP1; please update to SP1 when you can get online. Do not get SP2 until you're clean.

I think we'll hit Nail/Epolvy/DSR first as they are internet killers.

Go here to download the trial version of AVG Anti-spyware.
Go here and download Nail/Aurora Fix Setup (7th file on page).
Go here and download CCleaner.
Go here and download dsrfix.zip.
Go here and download APT.

Transfer all to the desktop.

Install AVG Anti-spyware.
Do not run a scan yet, we will later.

Install CCleaner and open.
Click Options > Advanced > uncheck "Only delete files in Windows Temp folder older than 48 hours".
Close CCleaner.

Unzip dsrfix to the desktop.
Do not run it yet, we will later.

Unzip APT to a new folder.
Open the folder and open apt.exe.
Search for xfhimo.exe
Open your C:\WINDOWS\System32 folder and search for xfhimo.exe. Don't delete it yet, just leave the System32 folder open so you can see the bad file.
In APT again, select xfhimo.exe and click "Kill3".
Then immediately delete xfhimo.exe from your System32 folder.

Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter).

Open nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly, this is normal.

Open AVG AS and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report".
Click "Save report as" and save it to the desktop.

Open HijackThis and run a scan only and check these (if there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [txcuxff] C:\WINDOWS\System32\xfhimo.exe r


Close all windows except HjT then click "Fix checked".
Close HjT.

Now open the folder dsrfix on your desktop.
Double-Click on dsrfix.bat.
A window will pop up briefly then close, this is normal.

Show all files.
Control Panel > Folder Options > View tab > check "Show hidden files and folders".

Find and delete the following files (if there):
C:\WINDOWS\dinst.exe
C:\WINDOWS\dsr.dll
C:\WINDOWS\AuroraHandler.dll

Empty the Recycle Bin.

Close all windows.
Open CCleaner.
Click "Run cleaner".

Run a scan with HijackThis and get a new log.
Post back with the AVG report and the HjT log.


This message has been edited since posting. Last time this message was edited on 12. October 2006 @ 23:34
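
Added example, not part of the original posts and not HijackThis's own logic: a small Python triage pass over a HijackThis log like the one posted above. The flagging rules and function names are assumptions chosen for illustration, and the sample lines are copied from the log in this thread; hits are hints for a human reviewer, not verdicts.

```python
import re
from collections import Counter

# Sample input: a few entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [s38U34T] winsink.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Smitty\LOCALS~1\Temp\lpmrgjq.exe
O4 - HKLM\..\Run: [SWOD] C:\WINDOWS\SWOD.exe
O4 - HKLM\..\Run: [:C=e] C:\WINDOWS\SWOD.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\SWOD.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
"""

# Reason strings (assumed wording for this example).
MISSING_FILE = "registration points at a missing file"
NO_DIRECTORY = "autostart value gives a bare file name with no directory"
TEMP_DIR = "autostart binary lives in a Temp directory"
DUPLICATE = "same binary registered under several Run value names"
UNKNOWN_OWNER = "service binary reports no owner"
SHELL_EXTRA = "Shell= launches something in addition to Explorer.exe"

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")              # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")  # HKLM\..\Run: [name] cmd
EXE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)           # executable part of cmd


def parse(log_text):
    """Return (section_code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def run_target(body):
    """For an O4 registry Run entry return (value_name, executable), else None."""
    m = RUN.match(body)
    if not m:
        return None  # e.g. "Global Startup" shortcuts use a different layout
    exe = EXE.match(m.group(4))
    return m.group(3), (exe.group(1) if exe else m.group(4))


def triage(log_text):
    """Return (section_code, reason, body) for every entry a rule flags."""
    entries = parse(log_text)
    # First pass: count how many Run values point at each executable.
    targets = Counter()
    for code, body in entries:
        if code == "O4" and run_target(body):
            targets[run_target(body)[1].lower()] += 1

    findings = []
    for code, body in entries:
        if code in ("O2", "O3"):
            if body.endswith(("(no file)", "(file missing)")):
                findings.append((code, MISSING_FILE, body))
        elif code == "O4":
            target = run_target(body)
            if target is None:
                continue
            exe = target[1]
            if "\\" not in exe:
                findings.append((code, NO_DIRECTORY, body))
            if "\\temp\\" in exe.lower():
                findings.append((code, TEMP_DIR, body))
            if targets[exe.lower()] > 1:
                findings.append((code, DUPLICATE, body))
        elif code == "O23":
            parts = body.rsplit(" - ", 2)  # "Service: name - owner - path"
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                findings.append((code, UNKNOWN_OWNER, body))
        elif code == "F2":
            m = re.search(r"Shell=(.+)$", body, re.IGNORECASE)
            if m and m.group(1).strip().lower() != "explorer.exe":
                findings.append((code, SHELL_EXTRA, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}\n     {body}")
```

Legitimate software can trip these rules too (the keyboard service in the log above also reports "Unknown owner"), so each hit still needs to be checked against what is known to be installed.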

Senior Member
13. October 2006 @ 00:02
Forgot to ask: do you want to try to clean everything or do you want to reformat when you can use discs again?

Bama7470
13. October 2006 @ 15:19
Reformat. Please. I'm not a complete idiot when it comes to computers, but I think this is WAY beyond me. Is it in fact viruses keeping me from the cdroms? I thought it was because I could access them on start up before windows loaded. Will take me a while to get all the proggies d/l and transferred. Will reply again when finished with your list.
Thanks soooooo much for your help. And your response said it all, lol.


~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~
Bama7470
13. October 2006 @ 15:42
I'm sorry to double post. Haven't learned to edit yet. I cannot use APT to kill xfhimo.exe. It tells me "Process still exist. Terminations appears to have been unsucessful." Should I try it in safe mode?


~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~
Senior Member
13. October 2006 @ 16:39
Quote:
Is it in fact viruses keeping me from the cdroms?
Most likely.

To edit, click the paper icon in the top right of the post.

Open HijackThis.
Click "Open misc tools section".
Click "Delete a file on reboot..."
Find C:\WINDOWS\System32\xfhimo.exe and select it.
Restart in safe mode and continue with nailfix.

Bama7470
13. October 2006 @ 21:45
sorry bout the double post. had to be the long one right?

~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~

This message has been edited since posting. Last time this message was edited on 14. October 2006 @ 08:23

Bama7470
13. October 2006 @ 21:46
WHEW!

AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:18:01 AM 10/14/2006

+ Scan result:



C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\backups\backup-20050829-222814-830.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\backups\backup-20050829-223200-791.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant\salm.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant\salm_gdf.dat -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant\salm_kyf.dat -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant\salmau.dat -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant\salmhook.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ncmyb.SABHO -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ncmyb.SABHO.1 -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ncmyb.SABHO\CLSID -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ncmyb.SABHO\CurVer -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ADPower -> Adware.AdPowerZone : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ADPower\SkyH2 -> Adware.AdPowerZone : Cleaned with backup (quarantined).
C:\WINDOWS\system32\exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\exdl0.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/cashback.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\psis80ex.ax/C:/WINDOWS/System32/mscb.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Adware.BargainBuddy : Error during cleaning.
HKLM\SOFTWARE\Classes\ADP.UrlCatcher.1 -> Adware.BargainBuddy : Error during cleaning.
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Adware.BargainBuddy : Error during cleaning.
C:\WINDOWS\system32\cache32_rtneg2 -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cache32_rtneg2\msg.bin -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\_rtneg2 -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\_rtneg2\eeennn -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\_rtneg2\kkws -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\_rtneg2\ppops -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\_rtneg2\reel -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\_rtneg2\ssites -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3F833E74-31C3-4BE4-ADB8-6A25C0\CDDF04E7-9BB1-49E3-A264-93875B -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\AuroraHandler.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\dinst.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\psuwwop.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\devlphcv.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BolgerDll.BolgerDllObj.1 -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4AA870AC-8427-42a4-B92E-ECD956197489} -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4AA870AC-8427-42a4-B92E-ECD956197489} -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\AuroraHandler -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\aurora -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\AuroraHandler -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\aurora -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\AuroraHandler -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/cb.exe -> Adware.CashBack : Cleaned with backup (quarantined).
C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/flash.exe -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute.1 -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Adware.CashBack : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4BC989F5-CF96-470E-8AD3-9BC07B\A1D219FF-B10E-4950-9A94-3F4CEA -> Adware.CoolBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{65365E5C-A84C-79CB-4FC6-7C1BFA8DEF55} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\5F87BA35-7600-4CC6-BD92-6E45C9\3D8A579C-1B93-4D2C-920E-F3DBBE -> Adware.ImiBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\E14467A1-ED26-41EE-9DC5-4606A5\3EE4B048-5A19-4056-9029-9E0489 -> Adware.ImiBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Error during cleaning.
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Error during cleaning.
HKLM\SOFTWARE\YourSiteBar\Historystring -> Adware.ISTBar : Error during cleaning.
HKU\.DEFAULT\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\WINDOWS\SWOD.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl -> Adware.MediaMotor : Error during cleaning.
HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl\Clsid -> Adware.MediaMotor : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Pynix -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Pynix -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\mit1AB.tmp.cab/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\mit1AB.tmp/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj.1 -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CLSID -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CurVer -> Adware.MoneyTree : Error during cleaning.
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\20AB5F9A-8EC5-431C-BE12-5AEB26 -> Adware.Pacer : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.47:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.48:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.51:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.52:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.53:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.55:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.56:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.57:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.8:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.9:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@ws.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.66:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.67:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.68:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.69:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@www.shopathomeselect[2].txt -> TrackingCookie.Shopathomeselect : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@www.shopathomeselect[1].txt -> TrackingCookie.Shopathomeselect : Cleaned.
:mozilla.108:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.109:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.110:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.111:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.134:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.135:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@starware[2].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.102:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.150:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.151:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.52:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.53:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@clickthrough.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
:mozilla.112:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.113:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.114:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.115:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.116:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.117:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.118:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@c5.zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\_detmp.1:alqfym -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\erygv.dat:psjrs -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\win.ini:jigee -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\04D42C3E-2893-44E0-9A13-36D0CB\0E5F7FAE-1987-4877-A51F-415288 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1F9B20F2-7E93-4C96-B576-8BD52A\123A572A-946C-4D5D-98B5-005713 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\280C7FD9-D54E-41EE-BDAD-ADBA2B\D033F5F9-665D-496D-B4D0-0D3798 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\40C74A31-5C28-4B9C-83D9-3373EB\02A7123A-AA0E-4079-AE06-76D543 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4C8F4611-E959-43B1-9524-CEDFA7\233B7AC0-F9D1-4D4A-BB8F-EDB3D3 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\5AE32E6B-8B9F-4117-8AEC-4988A5\BCC8E5E0-410D-4839-8E25-9389F4 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\764A5B94-ED78-4951-91AF-5C9577\932358AC-3B33-4A9B-8BDA-7A8151 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\B144ED1F-C4EA-45B7-AB1E-BF1CD2\F7551CFB-99E8-428C-90D3-D422D5 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\B37A6D6E-F9C6-4302-8CC8-E49A56\25F4E55E-3E18-4464-8F0D-3B5148 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBFA8E12-7FD1-49CE-8C75-1C6592\6E973BEB-288D-4A4B-B03A-BACFDA -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\F9CB7ACE-02CC-469B-A3EF-598AED\DABBDCF8-6019-45DF-9DF7-252A6B -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP167\A0042525.dll -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP167\A0042523.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP167\A0042524.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0036454.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0037454.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0037464.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0037504.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0038503.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0038504.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0039504.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0040504.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0042504.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0042510.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP167\A0042519.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\518D3A11-CF4A-4AB5-B095-CA32DC -> Trojan.VB.ux : Cleaned with backup (quarantined).


::Report end

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 12:35:40 AM, on 10/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\prefs.js)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {542375E4-FE89-DF4E-639A-7D0873A7BDC4} - C:\WINDOWS\System32\cn4O2FlC.dll (file missing)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [s38U34T] winsink.exe
O4 - HKLM\..\Run: [shedtf] C:\WINDOWS\System32\pbgnm\shedtf.exe
O4 - HKLM\..\Run: [vqdcf] C:\WINDOWS\System32\wptgovu\vqdcf.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Smitty\LOCALS~1\Temp\lpmrgjq.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [wbdcdrw] c:\windows\system32\dgrsrww.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\SWOD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [inetcomm] C:\WINDOWS\System32\inetcomm.exe
O4 - HKCU\..\Run: [d0r8RQfng] txfnds.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nesunex.mht!http://adextension.com/ext1/ysa.chm::/ysb_regular.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nesunem.mht!http://adextension.com/ext1/mma.chm::/joysaver.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: PgtvilTpB - {542375DE-FE89-DF74-AA16-6C1C73A7BDC1} - C:\WINDOWS\System32\rfgae.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: shedtfpbgnm - Unknown owner - C:\WINDOWS\System32\pbgnm\shedtf.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Gosh.





~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~
Senior Member
13. October 2006 @ 22:25
Edited: Last HjT scan was run in safe mode. Always scan in normal mode to get a new log.

Oh, and please edit one of those posts. :) (click the paper icon in the top right of the post)

Instructions below...

This message has been edited since posting. Last time this message was edited on 13. October 2006 @ 23:35

Senior Member
13. October 2006 @ 23:34
Go here and download Spybot Search and Destroy and install it.
Will run a scan later in safe mode.

Go to Start > Run > type services.msc
Find shedtfpbgnm and double click it.
Click Stop.
Close services.msc

Open HijackThis.
Click "Open the misc tools section".
Click "Delete an NT service".
Copy/Paste this into the box and click OK.
O23 - Service: shedtfpbgnm - Unknown owner - C:\WINDOWS\System32\pbgnm\shedtf.exe
Close HijackThis.

Note: print these instructions or copy to Notepad and save it, you will be in safe mode and can't access the internet.

Restart in safe mode.
Open Spybot.
Click "Check for Problems".
When it finishes, click "Fix selected problems".
Right click and select "Copy results" (not full report)
Open Notepad, paste and save them.

Open and fix these with HijackThis (if there):

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {542375E4-FE89-DF4E-639A-7D0873A7BDC4} - C:\WINDOWS\System32\cn4O2FlC.dll (file missing)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [s38U34T] winsink.exe
O4 - HKLM\..\Run: [shedtf] C:\WINDOWS\System32\pbgnm\shedtf.exe
O4 - HKLM\..\Run: [vqdcf] C:\WINDOWS\System32\wptgovu\vqdcf.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Smitty\LOCALS~1\Temp\lpmrgjq.exe
O4 - HKLM\..\Run: [wbdcdrw] c:\windows\system32\dgrsrww.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\SWOD.exe
O4 - HKCU\..\Run: [d0r8RQfng] txfnds.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nesunex.mht!http://adextension.com/ext1/ysa.chm::/ysb_regular.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nesunem.mht!http://adextension.com/ext1/mma.chm::/joysaver.cab
O21 - SSODL: PgtvilTpB - {542375DE-FE89-DF74-AA16-6C1C73A7BDC1} - C:\WINDOWS\System32\rfgae.dll (file missing)
O23 - Service: shedtfpbgnm - Unknown owner - C:\WINDOWS\System32\pbgnm\shedtf.exe


Close HijackThis.
Find and delete the following files and folders (if there); search if needed:
C:\WINDOWS\System32\dgrsrww.exe <-file
C:\WINDOWS\SWOD.exe <-file
C:\WINDOWS\System32\pbgnm <-folder
C:\WINDOWS\System32\wptgovu <-folder
C:\WINDOWS\System32\pbgnm <-folder
txfnds.exe <-file
winsink.exe <-file

Delete everything in this folder.
C:\Documents and Settings\Smitty\Local Settings\Temp\lpmrgjq.exe

Empty the Recycle Bin and restart in normal mode.
Open HijackThis.
Click "Open misc tools section".
Click "open Uninstall Manager".
Click "Save List".
Run a new scan and save a new log.

Post back with the Spybot log, the uninstall list and the HijackThis log.


This message has been edited since posting. Last time this message was edited on 13. October 2006 @ 23:37
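The fix list in the post above can be approximated with a few structural checks on the log. This is an added example, not part of the thread and not HijackThis's own logic: the rule set is an assumption written for this log, and the sample lines are a subset copied from the HijackThis log posted earlier in the thread. It yields leads for a human reviewer, not verdicts.

```python
import re

# Subset of the HijackThis log posted in this thread, copied verbatim.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Smitty\LOCALS~1\Temp\lpmrgjq.exe
O4 - HKLM\..\Run: [shedtf] C:\WINDOWS\System32\pbgnm\shedtf.exe
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O23 - Service: shedtfpbgnm - Unknown owner - C:\WINDOWS\System32\pbgnm\shedtf.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First fully qualified .exe/.dll path in an entry (quotes and arguments excluded).
BINARY_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)
SYS32_SUBDIR_RE = re.compile(r"\\system32\\[^\\]+\\[^\\]+\.exe$")


def parse(log_text):
    """Yield (section, body) for every line that looks like a log entry."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("section"), match.group("body")


def binary_path(body):
    """Return the lower-cased binary path in an entry, or '' if none is given."""
    match = BINARY_RE.search(body)
    return match.group(0).lower() if match else ""


def triage_entry(section, body):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    low = body.lower()
    path = binary_path(body)
    if section in ("O2", "O3", "O21") and ("(no file)" in low or "(file missing)" in low):
        reasons.append("COM registration points at a missing file")
    if section == "O4":
        if "\\temp\\" in path:
            reasons.append("autorun launches from a Temp directory")
        if SYS32_SUBDIR_RE.search(path):
            reasons.append("autorun binary in a subfolder of System32")
    if section == "O15":
        reasons.append("site added to the IE Trusted Zone")
    if section == "O16" and "ms-its:" in low:
        reasons.append("ActiveX codebase uses an ms-its:/mhtml wrapper")
    # "Unknown owner" alone is weak: the keyboard helper above has it too.
    if section == "O23" and "unknown owner" in low and "\\windows\\" in path:
        reasons.append("'Unknown owner' service running from the Windows directory")
    return reasons


def triage(log_text):
    """Return [(section, body, reasons)] for entries with at least one reason."""
    flagged = []
    for section, body in parse(log_text):
        reasons = triage_entry(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged


def shared_persistence(log_text):
    """Binaries registered both as a Run value (O4) and as a service (O23)."""
    seen = {}
    for section, body in parse(log_text):
        if section in ("O4", "O23"):
            path = binary_path(body)
            if path:
                seen.setdefault(path, set()).add(section)
    return sorted(p for p, sections in seen.items() if sections == {"O4", "O23"})


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> " + "; ".join(reasons))
    print("Run key + service:", shared_persistence(SAMPLE_LOG))
```

These rules do not catch everything on the fix list: bare-filename Run values such as `winsink.exe` look the same as the `soundman.exe` entry, which the fix list leaves alone, so those still need a manual lookup.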

Senior Member
16. October 2006 @ 02:47
Been a couple days...how are things going?

Bama7470
Suspended due to non-functional email address
16. October 2006 @ 20:13
Sorry, had a family emergency going on. Will update tomorrow.

~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~
Bama7470
Suspended due to non-functional email address
23. October 2006 @ 15:14
Hi. Sorry that took so long. Grrrr.

"Go to Start > Run > type services.msc
Find shedtfpbgnm and double click it.
Click Stop.
Close services.msc"

I cannot do that. Something is preventing it from happening. It says there is no problem with the service. I tried disabling it, it would switch back, tried failing it, nope..

~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~
Senior Member
23. October 2006 @ 15:41
Hey, good to hear from you again. :)

Just continue with the rest of the instructions. We'll try again later. Might be a file or something stopping you from disabling it.

Bama7470
Suspended due to non-functional email address
23. October 2006 @ 17:16
Ok, whew, here we go.
Spybot SandD in safe mode.

SexList: Settings (Registry value, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

SexList: Settings (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

CoolWWWSearch: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}

CoolWWWSearch.Aboutblank: IE Search page (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Bar=about:blank

CoolWWWSearch.Aboutblank: IE Search page (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\Search Bar=about:blank

CoolWWWSearch.Aboutblank: IE Search page (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchUrl\=about:blank

CoolWWWSearch.Aboutblank: IE Search page (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchUrl\=about:blank

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Ab scissor.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Broadband comparison.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Credit counseling.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Credit report.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Crm software.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Debt credit card.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Escorts.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Fha.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Health insurance.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Help desk software.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Insurance home.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Loan for debt consolidation.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Loan for people with bad credit.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Marketing email.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Mortgage insurance.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Mortgage life insurance.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Nevada corporations.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Online Betting Site.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Online gambling casino.url

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---


Uninstall in normal mode:

Adobe Acrobat Reader 3.01
Adobe Reader 7.0
AirStrike 2 (remove only)
Avance AC'97 Audio
AVG Anti-Spyware 7.5
BlackICE
CCleaner (remove only)
Civ3 Conquests v1.22 Full
Civ3 MultiTool
Civ3MultiTool
CivAssist 1.1.2
CivAssist II
CivAssist II
Civilization III
Civilization III Play the World
Civilization III v1.29f
Civilization III: Conquests
CleanUp!
Codec Pack - All In 1 6.0.2.3
Desktop Weather by The Weather Channel
GameSpy Arcade
Gold Miner Joe
HijackThis 1.99.1
InterVideo WinDVD
LiveUpdate 2.0 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.42 .1
Logitech User's Guide
Media Gateway
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Fighter Ace II
Microsoft Flight Simulator 2002
Microsoft Office 2000 Premium
Mig Alley 1.1
Mozilla Firefox (1.0)
MUSICMATCH Jukebox
Netscape (7.2)
Netscape Browser (remove only)
Popcorn Trial
QuickTime
RealArcade
Registry Cleaner (Trial)
Roller coaster Tycoon
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Select CashBack
Select CashBack
SiS 650_651_M650_740
SiS 650_651_M650_M652_740
Smart Office Keyboard
SoulSeek Client 155
Spybot - Search & Destroy 1.4
SpySubtract
SpywareBlaster v3.2
Street Atlas USA 5.0
Summer Schoolgirls Demo
TContext
The Weather Channel
Weather Services
WeirdOnTheWeb
WinRAR archiver
WinZip
Yahoo! Address AutoComplete
Yahoo! Install Manager

Hijackthis in normal

Logfile of HijackThis v1.99.1
Scan saved at 8:09:01 PM, on 10/23/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [inetcomm] C:\WINDOWS\System32\inetcomm.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe



~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~
Senior Member
23. October 2006 @ 17:35
Great! Looking much better now, but still not free.

Go to Add/Remove Programs and uninstall the following:
Media Gateway
Select CashBack
TContext
WeirdOnTheWeb

All those are either adware or related to adware.

Restart your computer.

You said you wanted to reformat, so you should be able to do that now. But if you would like to continue with the cleaning please let me know and we'll continue.


Bama7470
23. October 2006 @ 18:04
Well, I uninstalled those four, plus a lot more that I didn't use anymore. But I still don't have my cd-roms. I guess clean some more? Please? Thanks so much for your patience. And I can tell a HUGE difference between now and before.

~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~
Senior Member
23. October 2006 @ 18:20
I don't think your disc problems are coming from malware any longer.

We'll completely finish cleaning (not much more) and then we'll see if it's a malware or hardware problem.

I'm assuming you can use internet now, at least I hope so. :) Let me know if you can't.

Go here and download and install XP Service Pack 1a. You can get SP2 after we know you're fully cleaned.

After installing SP1, go here and download Java Runtime Environment 5.0 Update 9.
Uninstall all previous versions of JRE via Add/Remove Programs.
Restart and install Update 9.

Then, go here and run Kaspersky Online Scanner.
Accept the terms.
After downloading, click "My Computer".
After scanning, click "Save report as" and save it.

Post back with the Kaspersky log and a new HijackThis log.


This message has been edited since posting. Last time this message was edited on 23. October 2006 @ 18:22

Bama7470
23. October 2006 @ 18:37
I'm sorry. This may be where we call it quits. That computer is not online. And it will take me awhile to get it online. I will have to play with my little ethernet hub for hours. THEN call my isp and get them to recognize the darn thing. I have sp1 on disk around here somewhere, but, without my roms working...... well, you know.... BUT, I can try to format again. The cdrom read the disk to boot from it, SO, I may still be able to format. The problem before, with the blue screen, may have been a virus. Then, tho, I'm worried, if it will read from it to boot, and it is a hardware problem, then I won't be able to install xp back on.. Does that make sense?

~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~
Senior Member
23. October 2006 @ 18:59
Hmm, well if you can boot from a disc then you should be able to reformat. But you can reformat without having to use discs (use a wiping program). And after the format, reinstalling Windows shouldn't be a problem, that is, like you said, if it isn't a hardware problem.

We can try a few more things (maybe WinPFind) to make sure you're clean or not, so let me know if you want to continue and try those or if you just want to try to reformat.

This message has been edited since posting. Last time this message was edited on 23. October 2006 @ 19:00

Bama7470
23. October 2006 @ 19:20
I would love to try some more, if you're game. However, I have to get people around here in bed and all, so it will be tomorrow. I can d/l anything you recommend, as long as it will fit on my 512 meg jumpdrive. I will do my best to have it online soon, but no guarantees. I had to keep it offline in order to use the blasted thing. All those bugs were all trying to connect at once, then you had those internet killers. It was awful. 40-some-odd windows... grrrr. Anyway, if you think we can clean it using d/l proggies, then I won't need to format. As soon as I know it won't infect my computer, then I can get it hooked up to mine and online. I really need wireless, instead of hub. Anyway. Will be back on here tomorrow. Thanks for everything and your patience. Take care.

~Carpe Diem ~ Carpe Noctum ~ Carpe Cerevisia~
Senior Member
23. October 2006 @ 19:33
Yup, I'm up to it. :) Just post back when you can.

Try getting online as soon as you can, no rush though. It would just be nice to get an online scan run. The malware that was trying to use the internet is now gone. Not saying there aren't more, but the internet killers are gone so you should be okay to use the internet without all the "popup windows" trying to open.

Download WinPFind2

-Extract the files to a folder (C:\WinPFind2).
-Open WinPFind2.exe to start the program.
-Under "File Options" click the Select All button.
-Under "AddOn Options" check the following:
* HKLM_IE_Main.def
* System Restore.def
-Click the Run all Scans button.
-When it's finished scanning you will see "Scans Complete!" at the bottom left of the program.
-Click the Simple Report button.
-Notepad will open with the log.
-Post the log in your next reply.

