Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smitfraud-c, Spyaxe, Psguard And Probably More


  • Please log in to reply
11 replies to this topic

#1 perthperson

perthperson

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Scottish Highlands
  • Local time:03:14 AM

Posted 03 December 2005 - 05:04 PM

I've gone thro all the steps you recommend, as well as I could. Adaware found a lot of things the first time round but can't get rid of Psguard. Spybot found Smitfraud - C and SpyAxe - I think it got rid of SpyAxe (maybe). There's pop-ups all the time telling me my computer is infected but I reckon that they're just coming from one of the baddies.
Also we have Kazaalite on the computer (installed by my son, not me, honest) might that be part of the problem and should I uninstall it?
Here's my HijackThis log. (I'm definitely an amateur so please make any instructions simple if you can)
Thank you very much.

Logfile of HijackThis v1.99.1
Scan saved at 21:49:30, on 03/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\spywaretools\gcasServ.exe
C:\WINDOWS\System32\RunDll32.exe
C:\spywaretools\gcasDtServ.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\System32\hp428D.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "C:\spywaretools\gcasServ.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:14 AM

Posted 03 December 2005 - 05:14 PM

Hi and :flowers:

My name is David Posted Image

Download the SpyAxeFix.exe here:

http://noahdfear.geekstogo.com/SpyAxeFix.exe

Save it to your desktop. Close all other programs and windows. Double click SpyAxeFix.exe, then click Start to extract the tool to it's own folder. Open the SpyAxeFix folder and double click the SpyAxeFix.bat to start the tool. At one point when the tool runs, your taskbar will disappear, and your computer will restart when the tool completes. A text file will be created in the SpyAxeFix folder. Post it's contents and a new Hijack This log in your thread here:

:thumbsup: Click here to download smitRem.zip.
  • Save the file to your desktop.
  • Unzip smitRem.zip to extract the files it contains.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
:trumpet: Download Cleanup from Here
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK
  • DO NOT RUN IT YET

:inlove: Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.
:woot: Click here for info on how to boot to safe mode if you don't already know how. Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode. Restart your computer into safe mode now. Perform the following steps in safe mode:


:cool: Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


:idea: Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
:) Start Ccleaner and click Run Cleaner


:bike: Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.

Restart back into Windows normally now.


:spam: Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan and the ewido scan

David

#3 perthperson

perthperson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Scottish Highlands
  • Local time:03:14 AM

Posted 04 December 2005 - 10:55 AM

Hello David

Thanks for your really quick reply. I have run all the programmes you asked me to. Only thing was I couldn't work out how to delete the files that Activescan detected but didn't disinfect. Here's the results now.



Logfile of HijackThis v1.99.1
Scan saved at 15:50:39, on 04/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\spywaretools\gcasServ.exe
C:\WINDOWS\System32\RunDll32.exe
C:\spywaretools\gcasDtServ.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\System32\hp428D.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "C:\spywaretools\gcasServ.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



ACTIVESCAN

Incident Status Location

Adware:adware/searchaid Not desinfected C:\WINDOWS\SYSTEM32\apiyr.exe
Adware:adware/navipromo Not desinfected C:\WINDOWS\SYSTEM32\sdkao32.exe
Spyware:spyware/fastsearchweb Not desinfected C:\WINDOWS\SYSTEM32\shdocpe.dll
Dialer:dialer.baj Not desinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\eied.inf
Adware:adware/cws.008k Not desinfected C:\WINDOWS\appaz32.exe
Adware:adware/ncase Not desinfected C:\WINDOWS\msbb32.exe
Adware:adware program Not desinfected C:\WINDOWS\netqm32.exe
Dialer:dialer.xd Not desinfected C:\WINDOWS\switchagreement.txt
Adware:adware/securityerror Not desinfected Windows Registry
Adware:Adware/MediaTickets Not desinfected C:\WINDOWS\Downloaded Program Files\eied.inf
Virus:Trj/Downloader.AEU Disinfected C:\WINDOWS\Downloaded Program Files\ied.inf
Dialer:Dialer.Gen Not desinfected C:\WINDOWS\switchagreement.txt



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 14:00:49, 04/12/2005
+ Report-Checksum: 1FCD5B4F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00AF6BF7-1C8A-2F68-11A6-3DD4FD5A3DED} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{01198741-DBE0-E6F4-9DBE-877B61FB1D1D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{029DB004-6BCD-0E73-3AEA-F205B565F0F8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{031788DE-6282-F9CD-262A-AA22CDA2B068} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{04CB6006-AB79-1366-4EF1-BFF815B874EE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{05971453-FE87-CB75-BB1F-338A196198B0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{05C2ECE7-AB9F-8750-F571-7DD76F135929} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{06559367-A395-44B2-D6A0-0631D6323797} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0713F0EF-F47D-A3DA-A0F3-C2ED763086A3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07FF232E-41D0-38A2-6073-6847AD3E6453} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{08A3BAAE-CEB8-766F-9585-A831A8E94068} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09098A2E-29B4-D7AC-C8EC-1C448EBA69E3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0ADD4D53-B7DD-20F8-2AC9-AB9CB538A46F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0B2910B5-8AE6-8676-E13B-4CEC5E6A75F1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0B4F9B2C-F81D-7C42-AE33-07F0FCB846EC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{10D837D7-D6EA-8BCE-37FB-E58A2E09397B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1228458E-6B19-48F4-5449-A00AEE93F0FC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1674BCBE-46DE-7BAB-FBFA-CA15D9FEB632} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{16C710FD-4C93-9C02-15FC-681DF7937350} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1B9CEE94-E0D7-13CF-2DA8-CA3C766EAAD0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1BD83F34-5674-FA0D-E5B2-7D7655F0D46F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D3E7FA6-E393-C514-F461-E0B59435D825} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1E920882-80EF-BD61-DBBD-0847C13D1197} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F5650BA-2C95-0E8C-5C3F-D482646BF979} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F6A3B74-3D40-4D48-4D55-E3A0A8029CC2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{208BD4D8-3DA2-3736-A8E6-F3AF3479FA31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{21F8F0E0-D881-0FBC-CD1D-D1F30C3905B4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{252B02AB-6C7E-32B3-827D-F05DA151232D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{26F5CDB0-3ADD-70F3-F30F-8DD2B92D52FF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{286ECE71-3F17-089B-F6BD-0E16D255AE8A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{29B25401-5964-022D-3AC2-C7207FEFF994} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{29CDA41A-A8EB-6A68-BBF5-2877418D55C7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2A6A2EFF-2FC6-683C-5911-BB1AC07E5964} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2A97DB56-E2B4-967C-AF9F-07FDF74289C2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2A9B7B46-3BB6-BB3C-9E0A-6C988B9DE22E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2AC8EC43-EAE7-F7BD-2B63-7DE1FF58C69F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B284248-D0FE-C340-0D87-ABD55DD24BFA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2CAB7717-202B-8A26-BFD7-FA41EC47A745} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2CB60D9D-BA37-058C-7EA3-A52155F01235} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3061EF1C-F3C8-2DAB-24E0-C96288EB621D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{30E36B0A-CA1D-18E7-7FD2-9BA91D4D1710} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{33EBB320-A2D5-6FD7-6D31-BA458C872ABD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3508830D-8A20-1C38-52A8-8DC8B11EE6F4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38A09FC8-FCAF-3D1E-A6D6-FB0A0E2E2D98} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38D4E2FB-BB30-60CB-0D77-12064B5A0EE4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38EA95B6-06DF-844E-6763-813A152D6F74} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3A1550DD-FD7B-8D6E-989A-49A66DF1433F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3B9E0A95-3EBA-124F-52D1-033C73734625} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3BAA3AE9-9C0B-E08A-A982-9818F457337E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3C2E0AC2-347B-07FF-761D-31083C460F98} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3D1F3C37-49CA-66D3-9877-04375ADE521D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3EA8A165-1EE8-2BEF-A8D1-9CDBD760FC43} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{43372D0D-6EAD-977A-99EE-8DFB043153ED} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{44A4F449-ADED-A513-8AE7-5A3DDF205F49} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{452C15DF-936D-C8CB-B825-97DD4A210ABD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{46C8C875-7053-566F-B7DF-A8735884B10E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{47DA2122-90A1-597C-94D7-20963F392761} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{497AEAF3-0F8F-A4B6-48F2-A80144D90604} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A210C09-C3AE-D36C-3EC5-0D7723985463} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A5DA6C7-CAFA-ADBE-1CBD-9DB325C4EB88} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4AD64CAF-CC40-779E-C47E-E23705C41C75} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4AEDA6FC-6816-F03C-12F8-CDE056451F16} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4B3176F0-E32F-B010-C0D8-65FC118C3716} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4CC6B346-9934-1C2F-1EBB-53F81823D9B4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4F8E9FA5-37E2-683E-E18D-19AC6697532D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{50B9D537-5DB0-52B1-FF6F-ED6C70DA477E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{52CA0FCE-F9E0-2125-6CA6-2627141A47E9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{53741D3E-19CE-5959-0908-3BB13C3C3990} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5AF0B5AF-80E5-5F00-7457-4FF9847707D9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5BCC3EE7-9153-E89F-6D4E-9B02B02B4E2E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5DA6CA48-7D98-BC0B-40EF-22AC6558668A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5E60DAD4-D59A-D1EA-A0B3-BD226EE43523} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F574346-A206-D78A-7149-4C709D5204A4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{61682029-A490-5C49-D9FD-682FB2DA97AF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{62B52B4D-547B-BFC7-9850-79709FDECF27} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{64770A00-0C3B-BCEC-D32D-83EE61896228} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{65D75D06-7395-6352-09CD-E13B9059EFE9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66DEB589-B6D4-E95E-2E36-26287464CD11} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{677E5988-9E47-B4BE-8002-B86CEAD32154} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67A0E5DD-D21D-3F1C-2FD5-07C50B27B4BD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67D02480-710B-80D7-0624-27BB57B32CDE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6A389597-708B-6F9D-B6EC-8D1A3EC9DFAF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6BE5CD97-C2FD-46BB-5C0A-9634487B916D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6C69E2F6-F200-55DF-18C6-3C368029FD3E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6D3DF846-86BE-A81E-C69E-5A1818F8E929} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EDB124C-8B12-ABA8-CA16-CEBAC7061ADE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{73A0FEF4-C4EC-89F0-F3BC-FE7F59AD1DBA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{76518006-D7C5-4C71-68F4-DA79559FA482} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7868EC16-8C67-1DBD-6D5A-EBB325881BD9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{786A41BB-009D-DD27-EA3E-15DCD01EC75C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7A8EC00B-7964-C396-E2F8-621F6C9029FA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7E2B347A-52AA-597F-9371-80822A8D1263} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8169E4D3-2914-C956-AAFE-F49D78C929A8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{821C8BB3-C516-BEE5-C6A4-ECF0D92BF426} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{821F62C3-1009-929C-3E89-5D066057B36D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8263BB7B-DDE9-23FF-589B-C8F6C675BE35} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{826D0369-102B-4A44-F27B-D9DCC50A8EE6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8324D4AA-9FD0-5334-D040-C3B82F9A8957} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{85F1C7FC-7359-D6D5-C42B-F3E410DB4CAD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{865E2CEC-DCDC-CF30-C932-8A491F233655} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{88289CAD-8761-B286-1697-48C2E3A53747} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8A0FEDBB-3762-AEB7-E85E-6BCC16F76759} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8A50C2FE-C00E-0C19-DC1A-BCABABE155C3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8D1DF6CE-07E4-C211-83F6-537E054EDC98} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8E183E4D-1A0C-3195-3741-BBEABE2CBCD0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8F60435F-DF74-6308-E8CB-509D69906821} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{905BD5E4-261C-4EFD-5456-CD124D7B9D18} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{90DEE38B-0DB3-A3CA-6F69-126542AD0FA1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{966FA744-197F-E95E-EB31-73BE39619DE2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{97E37285-B9D3-035E-821F-3EBE4F849C3D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9CC4194D-70AD-AC3B-8852-00B56740427F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9D7705A4-9543-9869-8249-F62AC961BDA5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E2092B1-77DB-2A6A-A476-8BAA6CC65237} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A3B9B534-33C7-F4A9-994E-4A8BFD538322} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A5B3B4A7-6BD2-E7CE-E654-7A1D658D1BB3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A7D90935-7D8E-3E5D-9E71-486D629FCAAD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A9629E20-9B59-1F5F-58AE-E699D9122E1F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A97B64CA-35C4-DD86-2890-054EE94CE844} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AB537FC9-E3D4-FBBF-80FD-2CDE0ABCC38B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ABFF8236-DCBD-E17B-0A69-6FD85FA199FE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B1169ABC-E367-2937-9F96-3B9CB54E0F31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B1300934-5207-3933-066D-455DDE935ADD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B26E0DA6-7964-2B58-9B4B-94CBAA3AFF83} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B38F516E-48F2-CDBB-7D76-E0CFBCDBEE45} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B4D50626-AAF0-64AC-F1D5-8A697DD0E515} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B4F697AE-7E58-DC0D-D012-24F83EAB9F25} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B595A235-53A2-27D5-EFF6-D0208801D071} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BAA4A995-E881-38F6-1E95-AF9F2785FBB3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC0DC8BD-646D-FA46-8739-116B4F8B8228} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BCA234F8-DBE0-1CBE-CE94-63240442E405} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BD9A8BB0-8BF8-EC2E-5A23-8010E127E35B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BE5DCDBC-54D3-95EA-B258-2D53BD817431} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BF680029-9EFC-9F01-F3C3-ECC0A8DF53A1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BFB13F83-4E3B-A3C3-D100-FEE3424CD9C0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C092CEA0-FB34-5E12-83ED-47942941DECC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C174CC42-7291-0DCA-CE42-7DB1C655AADD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C2592E32-BC17-88BD-429F-D90632EDB3F1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C2E5E32B-0FD0-16A5-10FE-EDA2D4478683} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C53D27E6-2A68-7CD9-A09F-541EF27B2319} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C6986041-AF54-9AEF-5EA0-8C5C69D8DEB3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C75B8795-6012-883F-06EE-5F1501763CFE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C81EDEFC-5AB9-55D2-CDED-3C677E07B4E6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C927A651-6768-ED9E-C3ED-CBD9A6CF4B22} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CD01143E-9B70-CB99-C455-87936A69EFA2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D27DD7B4-A72B-4B66-2BD3-262B793A3C2C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D377FF80-B093-7377-D7F1-2D8792CCF322} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D3E61C7F-BD83-EA01-13F4-464C2595C096} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D605EAFF-2C3A-4619-43C1-4FFB062F68DE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D75897AF-4779-FE93-0121-038FA5AA18C4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D775F18B-70E6-FBB1-C13D-52CE71E899B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DABFF8C3-DF48-F11C-290D-D7CD732B35CC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DB054D56-EEA3-C985-BEDB-3E646A49FA44} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DBC8BCC3-8C2E-707C-3D8D-72B88F17460E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DD25AEF3-3DC7-625D-F3C6-DE10B7C6BF82} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E365460D-7563-2763-5E38-85F172854EAC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E36A99D7-088F-A5E8-1BA4-87116D938D49} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E4E0C452-0B6D-5B6B-E0AD-5D2B7C054116} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E63E927A-86D0-9904-89A5-12291C12FD61} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E8C74323-6EAC-41DF-4232-E6575DCCE375} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDB7FF48-2CC7-7131-A993-53C8F83DD550} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDE4719B-AC04-9EE1-7AEA-7712560B2832} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EE72D9B5-81C8-E738-8F1C-E3D4FED74E0D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F1E91259-92C0-8767-A2E0-85139867622A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F2255AF4-092C-0BF6-52CF-8484B194FCC4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F2352FD0-B78A-FC66-EE98-5DFBF99E1F48} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F3267BA7-14CC-4368-6BFC-E59341D01507} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F99D5FC9-1F47-B6F5-F1D5-55AFEAD2853A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA986CDE-0FA2-33A9-ECFD-8291DFA81985} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC5F30D8-4A16-B1C4-CFF8-EE955DFA16A2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FE0CF482-D7A9-BD18-0056-CF55E4EDD446} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF9A5C46-DA40-2321-E19B-261681A78BB1} -> Spyware.CoolWebSearch : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\sqe6ir0w.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\sqe6ir0w.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\sqe6ir0w.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\sqe6ir0w.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\sqe6ir0w.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\sqe6ir0w.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\sqe6ir0w.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\sqe6ir0w.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\sqe6ir0w.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Admin\Application Data\PSGuard.com -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Admin\Application Data\PSGuard.com\P.S.Guard -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Admin\Application Data\PSGuard.com\P.S.Guard\Autorun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Admin\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Admin\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Admin\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnceEx -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Admin\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Admin\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Admin\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnceEx -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Admin\Application Data\PSGuard.com\P.S.Guard\Autorun\StartMenuAllUsers -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Admin\Application Data\PSGuard.com\P.S.Guard\Autorun\StartMenuCurrentUser -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Admin\Application Data\PSGuard.com\P.S.Guard\BrowserObjects -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@google-download.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.22:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.23:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.24:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.25:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.26:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.27:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.28:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.29:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.30:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.31:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.32:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.33:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.34:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.35:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.36:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.37:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.38:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.39:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.40:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.41:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.42:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.43:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.44:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.46:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.47:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.48:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.49:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.50:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.51:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.52:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.53:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.54:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.55:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.56:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.57:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.58:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.59:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.60:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.61:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.62:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.63:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.65:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.66:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.71:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.80:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.99:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.100:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.101:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.102:C:\Documents and Settings\jamie\Application Data\Mozilla\Firefox\Profiles\xjpziyl8.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
C:\Documents and Settings\jamie\Application Data\PSGuard.com -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\jamie\Application Data\PSGuard.com\P.S.Guard -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\jamie\Application Data\PSGuard.com\P.S.Guard\Autorun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\jamie\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\jamie\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\jamie\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnceEx -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\jamie\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\jamie\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\jamie\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnceEx -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\jamie\Application Data\PSGuard.com\P.S.Guard\Autorun\StartMenuAllUsers -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\jamie\Application Data\PSGuard.com\P.S.Guard\Autorun\StartMenuCurrentUser -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\jamie\Application Data\PSGuard.com\P.S.Guard\BrowserObjects -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\jamie\Cookies\jamie@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\jamie\Cookies\jamie@122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\jamie\Cookies\jamie@cz3.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\jamie\Cookies\jamie@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\jamie\Cookies\jamie@e-2dj6wfliapcjico.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\jamie\Cookies\jamie@e-2dj6wjlysmdjmfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\jamie\Cookies\jamie@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\jamie\Cookies\jamie@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\jamie\Cookies\jamie@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\jamie\Local Settings\Temporary Internet Files\Content.IE5\W1MHG783\gdnAT2218[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\june\Cookies\june@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
:mozilla.6:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.8:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.9:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.11:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.12:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.21:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.29:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.37:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.38:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.39:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.40:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.41:C:\Documents and Settings\neil\Application Data\Mozilla\Firefox\Profiles\i20h0bvo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\neil\Cookies\neil@122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\neil\Cookies\neil@cz11.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\neil\Cookies\neil@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\neil\Cookies\neil@cz4.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\neil\Cookies\neil@cz5.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\neil\Cookies\neil@cz6.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\neil\Cookies\neil@cz9.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\neil\Cookies\neil@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\neil\Cookies\neil@stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\neil\Cookies\neil@vip.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\robbie\Application Data\PSGuard.com -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\robbie\Application Data\PSGuard.com\P.S.Guard -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\robbie\Application Data\PSGuard.com\P.S.Guard\Autorun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\robbie\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\robbie\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\robbie\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnceEx -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\robbie\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\robbie\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\robbie\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnceEx -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\robbie\Application Data\PSGuard.com\P.S.Guard\Autorun\StartMenuAllUsers -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\robbie\Application Data\PSGuard.com\P.S.Guard\Autorun\StartMenuCurrentUser -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\robbie\Application Data\PSGuard.com\P.S.Guard\BrowserObjects -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\robbie\Cookies\robbie@122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\robbie\Cookies\robbie@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\robbie\Cookies\robbie@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\robbie\Cookies\robbie@server.lon.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\robbie\Cookies\robbie@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL -> Spyware.MyWebSearch : Cleaned with backup


::Report End


Thanks in advance!

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:14 AM

Posted 04 December 2005 - 11:04 AM

With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\System32\hp428D.tmp (file missing)
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab


Download killbox from here:

KillBox

Unzip the folder to your desktop.

1. Start Killbox.exe
2. Select the Delete on Reboot option.
3. Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\SYSTEM32\apiyr.exe
C:\WINDOWS\SYSTEM32\sdkao32.exe
C:\WINDOWS\SYSTEM32\shdocpe.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\eied.inf
C:\WINDOWS\appaz32.exe
C:\WINDOWS\msbb32.exe
C:\WINDOWS\netqm32.exe
C:\WINDOWS\switchagreement.txt
C:\WINDOWS\Downloaded Program Files\eied.inf
C:\WINDOWS\Downloaded Program Files\ied.inf


4. Go to the File menu of Killbox, and choose Paste from Clipboard.
5. Click the Delete File button that is a red-and-white X. When asked if you want to delete these files say Yes. When asked if you want to reboot now, say No.
6. Exit Killbox.
_____________

You have a possible CoolWebSearch infection. Posted Image

Download CWShredder Here to its own folder.
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Start your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.
______________

Reboot back to normal mode and post a new HJT log

David

#5 perthperson

perthperson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Scottish Highlands
  • Local time:03:14 AM

Posted 04 December 2005 - 11:22 AM

Showing my ignorance here I'm afraid - how do I shut down IE (I use Mozilla as my browser but can ask it to switch to IE for particular sites if necessary)

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:14 AM

Posted 04 December 2005 - 11:45 AM

Ok, no need to shut down ie if you don't use it!

David

#7 perthperson

perthperson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Scottish Highlands
  • Local time:03:14 AM

Posted 04 December 2005 - 12:25 PM

Hi, followed orders I hope.

Logfile of HijackThis v1.99.1
Scan saved at 17:21:05, on 04/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\spywaretools\gcasServ.exe
C:\WINDOWS\System32\RunDll32.exe
C:\spywaretools\gcasDtServ.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "C:\spywaretools\gcasServ.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#8 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:14 AM

Posted 04 December 2005 - 12:30 PM

Clean Log!! Posted Image
How's everything running?

#9 perthperson

perthperson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Scottish Highlands
  • Local time:03:14 AM

Posted 04 December 2005 - 12:39 PM

Well, it seems fine, touch wood (pats head) The pop ups seem to have disappeared. That is really great. Thank you very much. I'm going to make a donation right now.

But ... just one question. Should I do a "system restore" point now?

I promise I will update Norton and Zone Alarm regularly and also will try my best to emphasise to my (grown up) sons that they are not to even consider visiting any dodgy sites.

Thank you very much.

June :thumbsup: :flowers:

#10 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:14 AM

Posted 04 December 2005 - 12:43 PM

Hope this answers all:

Ok! Glad i was able to help you! :thumbsup:

The log is clean! :flowers:

If i have helped you please consider making a donation using the "make a donation" button in my signature. My help is free, but please consider it to keep me fighting spyware for you and others! :trumpet: :inlove:

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

David

p.s. congratulate yourself for following the instructions so well! :cool:

#11 perthperson

perthperson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Scottish Highlands
  • Local time:03:14 AM

Posted 04 December 2005 - 01:02 PM

Well if I can follow the instructions anyone can! I've made a donation (in case I have to come back again) but I hope I never have to talk to you again (if you see what I mean)

Thanks again.

#12 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:14 AM

Posted 04 December 2005 - 01:04 PM

I understand - i sent you an email

Good to talk to you

David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users