
Infected With Many Many Many Spywares And Pop Ups


  • This topic is locked
23 replies to this topic

#1 ljsmith82


Posted 18 September 2006 - 11:04 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:08:00 AM, on 9/19/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP4 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\progman.exe
C:\kybrdff_e7.exe
C:\windows\mousepad11.exe
C:\nwnmff_e7.exe
C:\WINNT\sys02858796561.exe
C:\WINNT\sys09618587965.exe
C:\WINNT\win3207656185879.exe
C:\WINNT\ms03587965618.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\sys03587965618.exe
C:\WINNT\oszduiiA.exe
C:\winnt\system32\rlvknlg.exe
C:\WINNT\v1201.exe
C:\WINNT\system32\555B5B5D616062.exe
C:\WINNT\Duce6.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\AdwareSoft\adv0003.exe
C:\program files\popupwithcast\septpop06apsept.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Common Files\{24DEE73D-03A2-1033-1128-000001}\Update.exe
C:\PROGRA~1\COMMON~1\miuk\miukm.exe
C:\WINNT\YSTEM3~1\msiexec.exe
C:\Documents and Settings\Administrator\Application Data\??stem32\w?crtupd.exe
C:\PROGRA~1\COMMON~1\miuk\miuka.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\svchost.exe
c:\dfndrff_e7.exe
C:\Documents and Settings\Administrator\Desktop\zlsSetup_65_737_000_en.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLB172.tmp
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {BC6FB3FF-2A35-74BD-14F2-77E2EB0420E8} - C:\WINNT\system32\qca.dll
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\qheiw.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,bclmhdt.exe
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB58.dll
O3 - Toolbar: Search - {CD43362E-9926-AD7A-1053-12508475369B} - C:\WINNT\Gckttiny.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINNT\cfg32s.dll
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad11.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e7.exe
O4 - HKLM\..\Run: [sys02858796561] C:\WINNT\sys02858796561.exe
O4 - HKLM\..\Run: [sys09618587965] C:\WINNT\sys09618587965.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINNT\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINNT\errorhandler.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINNT\system32\loadadv64
O4 - HKLM\..\Run: [loader.exe] C:\WINNT\system32\loader.exe
O4 - HKLM\..\Run: [win3207656185879] C:\WINNT\win3207656185879.exe
O4 - HKLM\..\Run: [expload.exe] C:\WINNT\system32\expload.exe
O4 - HKLM\..\Run: [ms03587965618] C:\WINNT\ms03587965618.exe
O4 - HKLM\..\Run: [w0031249.dll] RUNDLL32.EXE w0031249.dll,I2 000499ad00031249
O4 - HKLM\..\Run: [sys03587965618] C:\WINNT\sys03587965618.exe
O4 - HKLM\..\Run: [oszduiiA] C:\WINNT\oszduiiA.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINNT\v1201.exe
O4 - HKLM\..\Run: [NJv7jy] "C:\WINNT\system32\dgfgql.exe"
O4 - HKLM\..\Run: [9DA3A3A5A9A8AAA8] 555B5B5D616062.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\Duce6.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [AdwareSoft] "C:\Program Files\AdwareSoft\adv0003.exe" hide
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\axnewx.exe reg_run
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\winnt\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e7.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [miuk] C:\PROGRA~1\COMMON~1\miuk\miukm.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Loep] "C:\WINNT\YSTEM3~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [Qetnb] C:\Documents and Settings\Administrator\Application Data\??stem32\w?crtupd.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: rfyfd.exe.tmp
O4 - Global Startup: wmplayer.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html...US_ZNxdm96248US
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: Trendy Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - (no file)
O9 - Extra 'Tools' menuitem: Trendy Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Unknown file in Winsock LSP: c:\winnt\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\rlls.dll
O10 - Hijacked Internet access by WebHancer
O13 - DefaultPrefix: http://teenzdreamz.net/more2/?a=adv0003&s=
O13 - WWW Prefix: http://teenzdreamz.net/more2/?a=adv0003&s=
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19a1a15e40f462...ip/RdxIE601.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/hotbar...rams/hotbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141872536745
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/er...easeInstall.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\dnjs0117e.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)


#2 miekiemoes


Posted 19 September 2006 - 08:09 AM

Hello,

Your system is terribly infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

It is important you don't miss a step and perform everything in the right order!!

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following if present:

AdwareSoft
Internet Optimizer
popupwithcast
TSA
Deskbar
ToolBar888
MediaMotor
Trendy Search Toolbar
WebHancer
RelevantKnowledge
Oin
Yazzle by Oin
YazzleActiveX By OIN
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.


If OIN is not listed, download and run this uninstaller.

Reboot when done! Really important!

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in the next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the script you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from the above URL ( right-click on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window.
Browse to the script you downloaded and click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

--------------------

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {BC6FB3FF-2A35-74BD-14F2-77E2EB0420E8} - C:\WINNT\system32\qca.dll
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\qheiw.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,bclmhdt.exe
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB58.dll
O3 - Toolbar: Search - {CD43362E-9926-AD7A-1053-12508475369B} - C:\WINNT\Gckttiny.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINNT\cfg32s.dll
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad11.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e7.exe
O4 - HKLM\..\Run: [sys02858796561] C:\WINNT\sys02858796561.exe
O4 - HKLM\..\Run: [sys09618587965] C:\WINNT\sys09618587965.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINNT\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINNT\errorhandler.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINNT\system32\loadadv64
O4 - HKLM\..\Run: [loader.exe] C:\WINNT\system32\loader.exe
O4 - HKLM\..\Run: [win3207656185879] C:\WINNT\win3207656185879.exe
O4 - HKLM\..\Run: [expload.exe] C:\WINNT\system32\expload.exe
O4 - HKLM\..\Run: [ms03587965618] C:\WINNT\ms03587965618.exe
O4 - HKLM\..\Run: [w0031249.dll] RUNDLL32.EXE w0031249.dll,I2 000499ad00031249
O4 - HKLM\..\Run: [sys03587965618] C:\WINNT\sys03587965618.exe
O4 - HKLM\..\Run: [oszduiiA] C:\WINNT\oszduiiA.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINNT\v1201.exe
O4 - HKLM\..\Run: [NJv7jy] "C:\WINNT\system32\dgfgql.exe"
O4 - HKLM\..\Run: [9DA3A3A5A9A8AAA8] 555B5B5D616062.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\Duce6.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [AdwareSoft] "C:\Program Files\AdwareSoft\adv0003.exe" hide
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\axnewx.exe reg_run
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\winnt\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e7.exe
O4 - HKCU\..\Run: [miuk] C:\PROGRA~1\COMMON~1\miuk\miukm.exe
O4 - HKCU\..\Run: [Loep] "C:\WINNT\YSTEM3~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [Qetnb] C:\Documents and Settings\Administrator\Application Data\??stem32\w?crtupd.exe
O4 - Global Startup: rfyfd.exe.tmp
O4 - Global Startup: wmplayer.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html...US_ZNxdm96248US
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Trendy Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - (no file)
O9 - Extra 'Tools' menuitem: Trendy Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O13 - DefaultPrefix: http://teenzdreamz.net/more2/?a=adv0003&s=
O13 - WWW Prefix: http://teenzdreamz.net/more2/?a=adv0003&s=
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19a1a15e40f462...ip/RdxIE601.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/hotbar...rams/hotbar.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/er...easeInstall.cab
O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\dnjs0117e.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't go away, we'll deal with that later...

---------------------

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido and reboot!!
    I need the log later.
-------------------------

Download and install Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • I'll need a log afterwards of what has been found.
  • To get the log, Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
* Download Combofix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log, the log from SUPERantispyware and the log from Ewido.
You may need several replies to post the logs.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
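
The "place a check against each of the following if still present" step above, as an added example that is not part of the original post and not part of HijackThis: a small Python script that compares a helper's fix list with a fresh HijackThis log and reports which flagged entries are still there to tick, which are already gone, and which log entries were not on the list. The function names are hypothetical; the fix list reuses four lines from this thread and the fresh log is a constructed rescan.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - " and the entry text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the unique (code, text) entries of a log, in original order."""
    entries, seen = [], set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, blank line or "Running processes" path
        code = match.group(1)
        text = " ".join(match.group(2).split())  # collapse stray whitespace
        key = (code, text.lower())
        if key not in seen:  # O10 lines, for example, are often repeated
            seen.add(key)
            entries.append((code, text))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare lowercased.
    return (entry[0], entry[1].lower())


def triage(fix_list_text, fresh_log_text):
    """Split entries into: still present (tick), already gone, not on the fix list."""
    flagged = parse_entries(fix_list_text)
    fresh = parse_entries(fresh_log_text)
    flagged_keys = {_key(e) for e in flagged}
    fresh_keys = {_key(e) for e in fresh}
    return {
        "tick": [e for e in fresh if _key(e) in flagged_keys],
        "gone": [e for e in flagged if _key(e) not in fresh_keys],
        "unflagged": [e for e in fresh if _key(e) not in flagged_keys],
    }


# Four entries taken from the fix list in the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\Duce6.exe
O4 - HKLM\..\Run: [RelevantKnowledge] C:\winnt\system32\rlvknlg.exe -boot
O15 - Trusted Zone: *.popuppers.com
O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\dnjs0117e.dll
"""

# Constructed rescan (not a real log from the thread): two flagged entries
# remain, one of them with different path casing, plus two unflagged entries.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\Explorer.EXE

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RelevantKnowledge] C:\WINNT\system32\rlvknlg.exe -boot
O15 - Trusted Zone: *.popuppers.com
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    result = triage(FIX_LIST, FRESH_LOG)
    for label in ("tick", "gone", "unflagged"):
        print(f"[{label}]")
        for code, text in result[label]:
            print(f"  {code} - {text}")
```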

#3 ljsmith82


Posted 20 September 2006 - 05:22 PM

I have followed everything. Then at the ComboFix, when I ran it, like 1 minute in, the program closes itself. Then I restarted the computer and now the internet does not work.

#4 miekiemoes


Posted 20 September 2006 - 05:42 PM

Did you uninstall RelevantKnowledge and Webhancer as I asked before? Because that was one of the first steps and then the scanners afterwards, that's why I said that performing everything in the right order without missing any step is so important.
If you didn't do that or didn't perform that properly, that may explain why your internet connection isn't working now.

To fix this, I assume you have a CD-ROM or USB stick? Because you have to transfer a tool to the computer since you can't access the internet.

*Download WinsockFix
Place it on your desktop.
Start Winsockfix.exe and click "Reg backup"
Your current registry will be saved in the folder "ERDNT"
Then click FIX
Your system will reboot.

This should restore your connection.

#5 ljsmith82


Posted 20 September 2006 - 06:32 PM

Yeah, I followed everything. There were some programs that, when I pressed uninstall, it wouldn't and would stay there. Could that have been the problem?


But yeah, I'll get transferring that program right away.

#6 miekiemoes


Posted 20 September 2006 - 06:36 PM

When uninstalling something, it can happen it hangs a bit, but if you waited a bit, it would proceed.
Anyway, that's already too late for it, since most scanners you ran afterwards already deleted these components afterwards.

#7 ljsmith82


Posted 20 September 2006 - 06:36 PM

Should I redo the steps?

#8 miekiemoes


Posted 21 September 2006 - 12:37 AM

What steps are you talking about? Just perform the steps you didn't perform previously and then post the logs. :thumbsup:

#9 ljsmith82


Posted 24 September 2006 - 12:22 PM

Sorry about the wait, had problems.


Logfile of HijackThis v1.99.1
Scan saved at 1:17:56 PM, on 9/24/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINNT\system32\MDM.EXE
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\WINNT\System32\rsvp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141872536745
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)

#10 ljsmith82

Posted 24 September 2006 - 12:23 PM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:59:59 PM 9/19/2006

+ Scan result:



C:\Program Files\Spyware Nuker 2004\backup\200503050011.zip/ncase_new[1].exe.000 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/hkf.exe.000 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/sais.exe.000 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/salm.exe.000 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/salmhook.dll.000 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/DelB.tmp.000 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/saap.exe.000 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/saaphook.dll.000 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/Del72.tmp.000 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/clientax.dll.000 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/res8D.tmp.000 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/saap.exe.000 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\RCX12.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Error during cleaning.
C:\Program Files\Spyware Nuker 2004\backup\200503120825.zip/InstaFinderK_inst.exe.000 -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200503120825.zip/instafink.dll.000 -> Adware.404Search : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} -> Adware.Able2know : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/cmctl.dll.000 -> Adware.AdMir : Cleaned with backup (quarantined).
C:\WINNT\system32\ijrpi.dll -> Adware.Adstart : Cleaned with backup (quarantined).
C:\WINNT\system32\ijrpic.exe -> Adware.Adstart : Cleaned with backup (quarantined).
C:\WINNT\system32\ijrpid.exe -> Adware.Adstart : Cleaned with backup (quarantined).
C:\WINNT\system32\ijrpif.exe -> Adware.Adstart : Cleaned with backup (quarantined).
C:\WINNT\system32\install_ID6.exe -> Adware.Adstart : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAFAIE -> Adware.AFAEnhance : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{24DEE73D-03A2-1033-1128-000001}\Update.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINNT\system32\bfaljnnh.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINNT\system32\jgfjhimm.dll -> Adware.Agent : Cleaned with backup (quarantined).
[1480] C:\Program Files\Common Files\{24DEE73D-03A2-1033-1128-000001}\Update.exe -> Adware.Agent : Error during cleaning.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp\Setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp\adm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp\adm25.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp\adm4.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp\admdloader.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp\admfdi.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp\admprog.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp\dmfiles.cab/AltnetUninstall.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp\pmexe.cab/Points Manager.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/CxtPls.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/WinGenerics.dll.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/auto_update_uninstall.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/uninstaller.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/CxtPls.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/WinGenerics.dll.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/uninstaller.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504121921.zip/CxtPls.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504121921.zip/WinGenerics.dll.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504121921.zip/auto_update_uninstall.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504121921.zip/uninstaller.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504132055.zip/CxtPls.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504132055.zip/WinGenerics.dll.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504132055.zip/auto_update_uninstall.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504132055.zip/uninstaller.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/CxtPls.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/WinGenerics.dll.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/auto_update_uninstall.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/uninstaller.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504182100.zip/CxtPls.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504182100.zip/WinGenerics.dll.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504182100.zip/auto_update_uninstall.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504182100.zip/uninstaller.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504262103.zip/CxtPls.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504262103.zip/WinGenerics.dll.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504262103.zip/auto_update_uninstall.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504262103.zip/uninstaller.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504262159.zip/CxtPls.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504262159.zip/WinGenerics.dll.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504262159.zip/uninstaller.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504272145.zip/CxtPls.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504272145.zip/WinGenerics.dll.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504272145.zip/auto_update_uninstall.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504272145.zip/uninstaller.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504282128.zip/CxtPls.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504282128.zip/WinGenerics.dll.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504282128.zip/uninstaller.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/auto_update_uninstall.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/hypaddin.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/ph.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/auto_update_uninstall.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/auto_update_uninstall.exe.000 -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/bb.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/adv.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/adx.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/angelex.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/autoheal.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/bargains.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/exdl.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/exdl0.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/exdl1.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/exdl2.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/exdl3.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/exul.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/exul1.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/exul3.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/javex80.vxd.000/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/javex80.vxd.000/C:/WINNT/system32/nvms.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/javexulm.vxd.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/mac80ex.idf.000/C:/Program Files/BullsEye Network/bin/adv.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/mac80ex.idf.000/C:/Program Files/BullsEye Network/bin/adx.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/mac80ex.idf.000/C:/Program Files/BullsEye Network/bin/bargains.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/mac80ex.idf.000/C:/WINNT/system32/msbe.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/mqexdlm.srg.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/msbe.dll.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/mscb.dll.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/netut80ex.vxd.000/C:/WINNT/system32/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/netut80ex.vxd.000/C:/WINNT/system32/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/netut80ex.vxd.000/C:/WINNT/system32/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/netut80ex.vxd.000/C:/WINNT/system32/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/nls.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/nvms.dll.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/psis80ex.ax.000/C:/WINNT/system32/mscb.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/zeta.exe.000 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\exdl2.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\exul2.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\nvms.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Adware.BargainBuddy : Error during cleaning.
HKLM\SOFTWARE\Classes\ADP.UrlCatcher.1 -> Adware.BargainBuddy : Error during cleaning.
HKLM\SOFTWARE\eXactUtil -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/bho_prob.exe.000 -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/bho_prob.exe.001 -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/ceres.cab.000/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/ceres.dll.000 -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\Ceres -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/bs51-eginwl51-vb.exe.000 -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/cfgmgr51.dll.000 -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\Gckttiny.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\arymzajf.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\bs7beta.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\bsx32 -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\bsx32\ASI2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\bsx32\ASISSRE.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\bsx32\EECH1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\bsx32\SPZ4.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\bsx32\bspace.html -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\bviuwxyf.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\bxxs5.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\cfg32o.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\cfg32p.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\cfg32r.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\cfgmgr52.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\gaudlijn.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\hoijzmaz.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\hpxjngtd.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\idillctv.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\kcebecmg.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\mmbohsiz.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\nrtivnrv.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\qjwtjvva.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINNT\rojhyebc.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Bookedspace -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Bookedspace\adware -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp\pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
C:\WINNT\system32\BattyRun2.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\WINNT\system32\Runner.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/cb.exe.000 -> Adware.CashBack : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/flash.exe.000 -> Adware.CashBack : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/psis80ex.ax.000/C:/Program Files/CashBack/bin/cb.exe -> Adware.CashBack : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/psis80ex.ax.000/C:/Program Files/CashBack/bin/flash.exe -> Adware.CashBack : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/0ibi54qc.dll.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/xuevf9w7.DLL.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505141710.zip/0ibi0136.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505141710.zip/0ibi54qc.dll.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505141710.zip/xuevf9w7.DLL.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/0ibi54qc.dll.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/0ibiC36F.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/xuevf9w7.DLL.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505300931.zip/0ibi54qc.dll.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505300931.zip/xuevf9w7.DLL.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505301124.zip/0ibiE43C.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200506041627.zip/0ibi54qc.dll.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200506041627.zip/xuevf9w7.DLL.000 -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\WINNT\RW5kIFVzZXI\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINNT\RW5kIFVzZXI\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/HookPopup.dll.000 -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/Nqhcgx.exe.000 -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/Ocrvdb.exe.000 -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/Opwvej.exe.000 -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/Oqhrxg.exe.000 -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/Yglaat.exe.000 -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/dun.exe.000 -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/Pynix.dll.000 -> Adware.DlMax : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/Pynix.dll.001 -> Adware.DlMax : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/dlmax.dll.000 -> Adware.DlMax : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/dlmax.dll.001 -> Adware.DlMax : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/dlmax.dll.002 -> Adware.DlMax : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Error during cleaning.
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Error during cleaning.
C:\Program Files\E2G\IeBHOs.dll -> Adware.E2Give : Cleaned with backup (quarantined).
C:\WINNT\system32\iniwin32.dll -> Adware.E2Give : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/EliteToolBar version 60.dll.000 -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281814.zip/EliteToolBar version 60.dll.000 -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\WINNT\win32069656185872006.exe -> Adware.Enbrow : Cleaned with backup (quarantined).
C:\WINNT\win3207656185879.exe -> Adware.Enbrow : Cleaned with backup (quarantined).
C:\WINNT\win32076561858792006.exe -> Adware.Enbrow : Cleaned with backup (quarantined).
C:\WINNT\win32085618587962006.exe -> Adware.Enbrow : Cleaned with backup (quarantined).
C:\bintheredunthat\sys02858796561.exe -> Adware.Enbrow : Cleaned with backup (quarantined).
C:\bintheredunthat\sys028587965612006.exe -> Adware.Enbrow : Cleaned with backup (quarantined).
C:\bintheredunthat\sys03587965618.exe -> Adware.Enbrow : Cleaned with backup (quarantined).
C:\bintheredunthat\sys096185879652006.exe -> Adware.Enbrow : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/CHCON.dll.000 -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/CHPON.dll.000 -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/apev.exe.000 -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/eZinstall.exe.000 -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/eabh.dll.000 -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/eapbh.dll.000 -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/ezPopStub.exe.000 -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/ezStub22.exe.000 -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/mmod.exe.000 -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/seng.dll.000 -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/wo.exe.000 -> Adware.EZula : Cleaned with backup (quarantined).
C:\WINNT\system32\nss83.dll -> Adware.Ezula : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504282128.zip/ATPartners.dll.000 -> Adware.F1Organizer : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/ATPartners.dll.000 -> Adware.F1Organizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Fizzlebar.clsDockWindow -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Fizzlebar.clsDockWindow\Clsid -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Fizzlebar.clsFwBar -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Fizzlebar.clsFwBar\Clsid -> Adware.FizzleBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/CMEIIAPI.dll.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/CMESys.exe.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/CMEUpd.exe.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/EGIEProcess.dll.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/EGNSEngine.dll.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/GController.dll.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/GDwldEng.dll.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/GFormCTM.dll.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/GIoclClient.dll.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/GMT.exe.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/GStore.dll.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/GStoreServer.dll.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/GSvcMgr.dll.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/GSvcSAP.dll.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/GatorStubSetup.exe.000 -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/egIEEngine.dll.000 -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250210.zip/HbCoreSrv.dll.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250210.zip/HbGuard.exe.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250210.zip/HbHostIE.dll.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250210.zip/HbHostOE.dll.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250210.zip/HbHostOL.dll.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250210.zip/HbOEAddOn.exe.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250210.zip/HbSrv.exe.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250210.zip/HbToolbar.dll.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250210.zip/Wallpaper.dll.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250210.zip/WeatherOnTray.exe.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250735.zip/HbHostOE.dll.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250735.zip/HbHostOL.dll.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250735.zip/HbOEAddOn.exe.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250735.zip/HbSrv.exe.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250735.zip/HbToolbar.dll.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250735.zip/Wallpaper.dll.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250735.zip/WeatherOnTray.exe.000 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/btnetw-ventura-hot_246765.exe.000 -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\WINNT\system32\nseCC.dll -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\WINNT\system32\nso53.dll -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\WINNT\system32\nsv12.dll -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\WINNT\system32\nsz9F.dll -> Adware.HotSearchBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/systb.dll.000 -> Adware.ImiBar : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\optimize.exe -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\update -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf3 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf5 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ISTbar.BarObj -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ISTbar.BarObj\CLSID -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag.1 -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CLSID -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CurVer -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ISTbar\Historyfiles -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ISTbar\Historystring -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Installer4.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\Installer.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\CMYPT32.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\CQYPT32.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\akferror.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\cZbinet.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\crlbact.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\fpnq0355e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\gp44l3hq1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\i2420choef4c0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\igm32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\kvdda.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\mqc42.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\mvpql9751.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\nstapi.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\pnofmap.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\ptflbmsg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\qiery.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\twpmon.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\u0rula991d.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\wnsdmod.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\wwi.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP -> Adware.Look2Me : Cleaned with backup (quarantined).
[792] C:\WINNT\system32\TWI-SonyOMG.dll -> Adware.Look2Me : Error during cleaning.
[936] C:\WINNT\system32\TWI-SonyOMG.dll -> Adware.Look2Me : Error during cleaning.
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/HLInstaller1.exe.000 -> Adware.MDH : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/HyperLinker1.exe.000 -> Adware.MDH : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504282128.zip/HLInstaller3.exe.000 -> Adware.MDH : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504282128.zip/HyperLinker3.exe.000 -> Adware.MDH : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/HLInstaller3.exe.000 -> Adware.MDH : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/HyperLinker3.exe.000 -> Adware.MDH : Cleaned with backup (quarantined).
C:\WINNT\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINNT\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINNT\mm63.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINNT\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl -> Adware.MediaMotor : Error during cleaning.
C:\WINNT\876056.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINNT\system32\WinDmy.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINNT\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINNT\system32\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj.1 -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\NLS.UrlCatcher -> Adware.NaviSearch : Error during cleaning.
HKLM\SOFTWARE\Classes\NLS.UrlCatcher.1 -> Adware.NaviSearch : Error during cleaning.
HKLM\SOFTWARE\NaviSearch -> Adware.NaviSearch : Cleaned with backup (quarantined).
C:\WINNT\mirar.exe -> Adware.NetNucleus : Cleaned with backup (quarantined).
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/NDNuninstall6_38.exe.000 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/NNEZTX638.exe.000 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/newdotnet6_38.dll.000 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/uninstall6_38.exe.000 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504182100.zip/newd47A8.000 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/ps1.exe.000 -> Adware.Pacer : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\pcs_0006.exe -> Adware.Pacer : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/powerscan.exe.000 -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/powerscan.exe.000 -> Adware.PowerScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CLSID -> Adware.PowerStrip : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CurVer -> Adware.PowerStrip : Cleaned with backup (quarantined).
C:\WINNT\system32\gzdno.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINNT\system32\igex.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINNT\system32\qca.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINNT\system32\yvf.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINNT\аѕsembly\nоtepad.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504132055.zip/2b3fsk0h.dll.000 -> Adware.Sahat : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504132055.zip/bln02nqv.exe.000 -> Adware.Sahat : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/2b3fsk0h.dll.000 -> Adware.Sahat : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/70tovmto.exe.000 -> Adware.Sahat : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/gah95on6.exe.000 -> Adware.Sahat : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/bd21v6pu.exe.000 -> Adware.Sahat : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200503010210.zip/SaveUninst.exe.000 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504282128.zip/search.dll.000 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/VVSN_AAAS0741Inst.exe.000/VVSN.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/VVSN_AAAS0741Inst.exe.000/VVSN.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINNT\MirarSetup_876057.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250210.zip/ShprRprt.exe.000 -> Adware.Shopper : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250210.zip/hbinst.exe.000 -> Adware.Shopper : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250735.zip/ShprRprt.exe.000 -> Adware.Shopper : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200502250735.zip/hbinst.exe.000 -> Adware.Shopper : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/sfbho.dll.000 -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/sidefind.dll.000 -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/sidefind.exe.000 -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/sidefind.exe.000 -> Adware.SideFind : Cleaned with backup (quarantined).
C:\WINNT\system32\nst1A.dll -> Adware.SideFind : Cleaned with backup (quarantined).
C:\WINNT\inscdm\alwsrbbypk.dll -> Adware.SmartPops : Cleaned with backup (quarantined).
C:\WINNT\inscdm\alwsrbbypk.exe -> Adware.SmartPops : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200503250715.zip/trendy_search.dll.000 -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/PreUninstall.exe.000 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/lmf32v.dll.000 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504282128.zip/PreUninstall.exe.000 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504282128.zip/lmf32v.dll.000 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/PreUninstall.exe.000 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/lmf32v.dll.000 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINNT\system32\acwfs4t2.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINNT\system32\dgfgql.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINNT\system32\lmf3227E -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINNT\system32\lmf3F8D8 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINNT\system32\wdc1n.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\{287A2BAD-6590-4EFF-9BBC-494385664A73} -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/IUCmore.dll.000 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/UCMTSAIE.dll.000 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/ucmoreiex.exe.000/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/ucmoreiex.exe.000/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/ucmoreiex.exe.000/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/AdDestroyer.exe.000 -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/AdDestroyerInner.EXE.000 -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/BundleOuter.EXE.000 -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/PopOops.dll.000 -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/PopOops2.dll.000 -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/SWLAD1.dll.000 -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/SWLAD2.dll.000 -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/VBouncerInner.EXE.000 -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/VirtualBouncer.exe.000 -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\VB and VBA Program Settings\VBouncer -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\VB and VBA Program Settings\VBouncer\Settings -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\WINNT\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webHancer -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webHancer\CC -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/IExploreSkins.exe.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/PIB.exe.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/TBPS.exe.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/TBPSSvc.exe.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/common.dll.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/nzqlihv.wzg.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/radio.exe.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/toolbar.dll.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/TBPS.exe.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/radio.exe.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/IExploreSkins.exe.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/IExploreSkins.exe.001 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/PIB.exe.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/TBPS.exe.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/TBPSSvc.exe.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/TBPSSvc.exe.001 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/common.dll.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/nzqlihv.wzg.000 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program

#11 ljsmith82

Posted 24 September 2006 - 12:26 PM

C:\Program Files\WinFixer 2005\ffCom.dll -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\flash.ini -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\lapv.dat -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\lock.dat -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\pv.dat -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\sr.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\sr.log -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\support.url -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\trace.log -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\unins000.dat -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\unins000.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\up.dat -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\update.log -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\updater.dat -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\wfx5.url -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\WINNT\system32\df_kme.exe -> Adware.Winfixer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\FFWraper.DLL -> Adware.WinFixer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\FixCore.DLL -> Adware.WinFixer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\MMFixCtrl.DLL -> Adware.WinFixer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\compcln.dll -> Adware.WinFixer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CompCleanCore.AppCleaner -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\CompCleanCore.AppCleaner.1 -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\CompCleanCore.CCQuickScan -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\CompCleanCore.CCQuickScan.1 -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\CompCleanCore.FileCleaner -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\CompCleanCore.FileCleaner.1 -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\CompCleanCore.InetCleaner -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\CompCleanCore.InetCleaner.1 -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\CompCleanCore.RegCleaner -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\CompCleanCore.RegCleaner.1 -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\CompCleanCore.SystemCleaner -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\CompCleanCore.SystemCleaner.1 -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\FFCom.FlFixer -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\FFWraper.FFEnginWraper -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\FFWraper.FFEnginWraper.1 -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\FixCore.MMFixCore -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\FixCore.MMFixCore.1 -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\MMFixCtrl.CoFixEngine -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\MMFixCtrl.CoFixEngine.1 -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\df_fixer.Fixer -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\Classes\df_fixer.Fixer.1 -> Adware.WinFixer : Error during cleaning.
HKLM\SOFTWARE\WinSoftware\WinFixer 2005 -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/WSup.exe.000 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/WToolsA.exe.000 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/WToolsB.dll.000 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/EDow_AS2.exe.000 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/WSup.exe.000 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/WToolsA.exe.000 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/WToolsB.dll.000 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/edow.exe.000 -> Adware.Wintol : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Error during cleaning.
C:\WINNT\TIELT001.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINNT\pf78bb.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/CSv13P109.exe.000 -> Backdoor.Ruledor.f : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/CSv13P109.exe.000 -> Backdoor.Ruledor.f : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard11.exe -> Backdoor.VB.ary : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\LQ -> Dialer.Generic : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/installer_MARKETING18.exe.000 -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/installer_MARKETING18.exe.001 -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/installer_MARKETING18.exe.002 -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/installer_MARKETING18.exe.003 -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/installer_SIAC.exe.000 -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\WINNT\Uylxohr.lkf\BBI2.exe -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\WINNT\Zvmammnqfwz.nys\BBI2.exe -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\WINDOWS\newname10.exe -> Downloader.Adload.ae : Cleaned with backup (quarantined).
C:\WINDOWS\newname4.exe -> Downloader.Adload.ae : Cleaned with backup (quarantined).
C:\WINDOWS\newname5.exe -> Downloader.Adload.ae : Cleaned with backup (quarantined).
C:\WINDOWS\newname6.exe -> Downloader.Adload.ae : Cleaned with backup (quarantined).
C:\WINDOWS\newname7.exe -> Downloader.Adload.ae : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard10.exe -> Downloader.Adload.am : Cleaned with backup (quarantined).
C:\aebcq9z5w.exe -> Downloader.Agent.afi : Cleaned with backup (quarantined).
C:\krw1dn.exe -> Downloader.Agent.afi : Cleaned with backup (quarantined).
C:\bintheredunthat\w0031249.dll -> Downloader.Agent.ahv : Cleaned with backup (quarantined).
C:\WINNT\system32\aaa00000.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\website.ocx -> Downloader.Agent.ex : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/main.exe.000 -> Downloader.Agent.hw : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/pm.exe.000 -> Downloader.Apropo.aa : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505092156.zip/status[1].000 -> Downloader.Apropo.ab : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505092156.zip/tmp7670.exe.000 -> Downloader.Apropo.ab : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/cxtpls_loader.exe.000 -> Downloader.Apropo.ab : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/cxtpls_loader.exe.001 -> Downloader.Apropo.ab : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/auf0.exe.000 -> Downloader.Apropo.ai : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/AutoUpdate.exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/AutoUpdate.exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504121921.zip/AutoUpdate.exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504132055.zip/AutoUpdate.exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504132055.zip/AutoUpdaterInstaller[1].exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/AutoUpdate.exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504182100.zip/AutoUpdate.exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504262103.zip/AutoUpdate.exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504262159.zip/AutoUpdate.exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504272145.zip/AutoUpdate.exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504272145.zip/AutoUpdate.exe.001 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504272145.zip/AutoUpdaterInstaller[1].exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/AutoUpdate.exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/AutoUpdaterInstaller[1].exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505092156.zip/AutoUpdate.exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505092156.zip/AutoUpdaterInstaller[1].exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/AutoUpdate.exe.000 -> Downloader.Apropo.g : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/auto_update_install.exe.000 -> Downloader.Apropo.u : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504132055.zip/auto_update_install.exe.000 -> Downloader.Apropo.u : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/auto_update_install.exe.000 -> Downloader.Apropo.u : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/auto_update_install.exe.000 -> Downloader.Apropo.u : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/CxtPls.dll.000 -> Downloader.Apropo.w : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/CxtPls.dll.000 -> Downloader.Apropo.w : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504121921.zip/CxtPls.dll.000 -> Downloader.Apropo.w : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504132055.zip/CxtPls.dll.000 -> Downloader.Apropo.w : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/CxtPls.dll.000 -> Downloader.Apropo.w : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504182100.zip/CxtPls.dll.000 -> Downloader.Apropo.w : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504262103.zip/CxtPls.dll.000 -> Downloader.Apropo.w : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504262159.zip/CxtPls.dll.000 -> Downloader.Apropo.w : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504272145.zip/CxtPls.dll.000 -> Downloader.Apropo.w : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504282128.zip/CxtPls.dll.000 -> Downloader.Apropo.w : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/auf0.exe.000 -> Downloader.Apropos.s : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/AproposClientInstaller[1].exe.000 -> Downloader.Apropos.s : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/nem220.dll.000 -> Downloader.Dyfuca : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/nem220.dll.000 -> Downloader.Dyfuca : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/install.exe.000 -> Downloader.Dyfuca.de : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/install.exe.000 -> Downloader.Dyfuca.de : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/install.exe.001 -> Downloader.Dyfuca.de : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/install[1].exe.000 -> Downloader.Dyfuca.de : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/optimize.exe.001 -> Downloader.Dyfuca.dk : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/actalert.exe.000 -> Downloader.Dyfuca.dp : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/actalert[1].exe.000 -> Downloader.Dyfuca.dp : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/actalert.exe.000 -> Downloader.Dyfuca.dp : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/actalert.exe.001 -> Downloader.Dyfuca.dp : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/wsem303.dll.000 -> Downloader.Dyfuca.dt : Cleaned with backup (quarantined).
C:\WINNT\wsem303.dll -> Downloader.Dyfuca.dt : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/optimize.exe.001 -> Downloader.Dyfuca.du : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/optimize[1].exe.000 -> Downloader.Dyfuca.du : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/optimize.exe.000 -> Downloader.Dyfuca.dx : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/optimize.exe.000 -> Downloader.Dyfuca.dx : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/cln8.tmp.000 -> Downloader.Dyfuca.dx : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/optimize.exe.000 -> Downloader.Dyfuca.dx : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/optimize313.exe.000 -> Downloader.Dyfuca.dx : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/optimize313[1].exe.000 -> Downloader.Dyfuca.dx : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/optimize.exe.000 -> Downloader.Dyfuca.dx : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/optimize313.exe.000 -> Downloader.Dyfuca.dx : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/tct101.dll.000 -> Downloader.Dyfuca.eg : Cleaned with backup (quarantined).
C:\WINNT\optimize.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\WINNT\srvgypizlf.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/wupdt.exe.000 -> Downloader.Intexp.c : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/wupdt.exe.001 -> Downloader.Intexp.c : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/wupdt.exe.002 -> Downloader.Intexp.c : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/istactivex.dll.000 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/istsvc.exe.000 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/ddgkieet.exe.000 -> Downloader.IstBar.ij : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/istbarcm.dll.000 -> Downloader.IstBar.ik : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101935.zip/iinstall.exe.000 -> Downloader.IstBar.ir : Cleaned with backup (quarantined).
C:\WINNT\system32\PreInstaller_p1.exe -> Downloader.Keenval.o : Cleaned with backup (quarantined).
C:\WINNT\system32\gld4ds.exe -> Downloader.Qoologic.ac : Cleaned with backup (quarantined).
C:\WINNT\system32\rintnox.dll -> Downloader.Qoologic.af : Cleaned with backup (quarantined).
C:\installerwebnexus.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\installerwnus.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hxqg.exe -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\WINNT\system32\apyby.dat -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\WINNT\system32\efkrk.dll -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\WINNT\system32\oeupuns.dll.tmp -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\WINNT\system32\sfbdbdv.exe -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\WINNT\system32\fuchj.dat -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/tp7543.exe.000 -> Downloader.Qoologic.i : Cleaned with backup (quarantined).
C:\WINNT\system32\izbhbrn.dll -> Downloader.Qoologic.q : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/exp.exe.000 -> Downloader.Small : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/wintask.exe.000 -> Downloader.Small : Cleaned with backup (quarantined).
C:\Program Files\sуstem\ѕpoolsv.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\exp.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\w007006b.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\w0073f71.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\w007633c.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\w00791a1.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINNT\system\gqplr.exe -> Downloader.Small.ayh : Cleaned with backup (quarantined).
C:\WINNT\system32\winspy.exe -> Downloader.Small.ckq : Cleaned with backup (quarantined).
C:\WINNT\pi1_35.exe -> Downloader.Small.cqy : Cleaned with backup (quarantined).
C:\WINNT\pi1_36.exe -> Downloader.Small.cqy : Cleaned with backup (quarantined).
C:\Program Files\Windows NT\sadewom.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\WINNT\ac3_0002.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/farmmext.cab.000/farmmext.exe -> Downloader.Stubby.c : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/farmmext.cab.001/farmmext.exe -> Downloader.Stubby.c : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/farmmext.exe.000 -> Downloader.Stubby.c : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/farmmext.exe.001 -> Downloader.Stubby.c : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/farmmext.exe.002 -> Downloader.Stubby.c : Cleaned with backup (quarantined).
C:\Program Files\Common Files\misc002\141.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard9.exe -> Downloader.VB.aaf : Cleaned with backup (quarantined).
C:\WINDOWS\newname12.exe -> Downloader.VB.aaf : Cleaned with backup (quarantined).
C:\WINDOWS\newname13.exe -> Downloader.VB.aaf : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard12.exe -> Downloader.VB.abd : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard13.exe -> Downloader.VB.abj : Cleaned with backup (quarantined).
C:\bintheredunthat\oszduiiA.exe -> Downloader.VB.alu : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/dist001.exe.000 -> Downloader.VB.eu : Cleaned with backup (quarantined).
C:\WINNT\mm83.ocx -> Downloader.VB.ov : Cleaned with backup (quarantined).
C:\WINNT\pms111x.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\WINNT\sms112x.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\WINNT\system32\mmxp2passion.exe -> Downloader.VB.uc : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard3.exe -> Downloader.VB.yv : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard7.exe -> Downloader.VB.zg : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard4.exe -> Downloader.VB.zk : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard5.exe -> Downloader.VB.zl : Cleaned with backup (quarantined).
C:\WINDOWS\keyboard6.exe -> Downloader.VB.zo : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad7.exe -> Downloader.VB.zw : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504101915.zip/WToolsS.exe.000 -> Downloader.Wintool.f : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/WToolsS.exe.000 -> Downloader.Wintool.f : Cleaned with backup (quarantined).
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
C:\302.exe -> Dropper.Agent.anu : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/SSK3_B5 Seedcorn 4.exe.000 -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/installer_MARKETING18.exe.004 -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/wrapperouter.exe.000 -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\WINNT\system32\2.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\WINNT\system32\expload.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\WINNT\system32\pre1.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\bintheredunthat\comscore.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\bintheredunthat\stub.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\803_104.exe -> Dropper.Mudrop.bq : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/3ASavers_Om3IC.exe.000 -> Dropper.Mudrop.o : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/3ASavers_Om3IC.exe.000 -> Dropper.Mudrop.o : Cleaned with backup (quarantined).
C:\SS1001newer.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\WINNT\ss1205.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505071315.zip/34yf28fg.exe.000 -> Dropper.Small.sc : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505122205.zip/34yf28fg.exe.000 -> Dropper.Small.sc : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/Qool.exe.000 -> Dropper.Small.wc : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/wmconfig.cpl.000 -> Dropper.Small.wc : Cleaned with backup (quarantined).
C:\Setup.exe -> Dropper.VB.mn : Cleaned with backup (quarantined).
C:\iexplore.exe -> Dropper.VB.mn : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/winup2date.dll.000 -> Hijacker.Small.et : Cleaned with backup (quarantined).
C:\Program Files\NetMeeting\sajyhyc.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\microsoft frontpage\vilek.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/protector.exe.000 -> Hijacker.StartPage.nk : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/sdf.exe.000 -> Hijacker.StartPage.nk : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281814.zip/elitektl32.exe.000 -> Hijacker.StartPage.nk : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281814.zip/elitemxf32.exe.000 -> Hijacker.StartPage.nk : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281814.zip/elitexoc32.exe.000 -> Hijacker.StartPage.nk : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281814.zip/elitexot32.exe.000 -> Hijacker.StartPage.nk : Cleaned with backup (quarantined).
C:\bintheredunthat\oszduii.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad3.exe -> Hijacker.VB.lv : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad4.exe -> Hijacker.VB.lv : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad10.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad5.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad6.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad11.exe -> Hijacker.VB.mo : Cleaned with backup (quarantined).
C:\WINDOWS\mousepad13.exe -> Hijacker.VB.mo : Cleaned with backup (quarantined).
C:\WINNT\pop06ap.exe -> Hijacker.VB.nk : Cleaned with backup (quarantined).
C:\WINNT\system32\dmo16g.exe -> Logger.VB.eh : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\UWFX5_0001_MNINetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200504160713.zip/sepng.dll.000 -> Not-A-Virus.PSWTool.Win32.EZula.bf : Cleaned with backup (quarantined).
C:\WINNT\system32\pwha.exe -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37.tmp -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4b9v880k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\amory@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/Duad.exe.000 -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/Duad.exe.001 -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/Duad.exe.002 -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/Duad.exe.003 -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/polall1p.exe.000 -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/polall2c.exe.000 -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/polall2c.exe.001 -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/polall2c.exe.002 -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/polall2c[1].exe.000 -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/polall2c[1].exe.001 -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/zmpxkegn.exe.000 -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/ceres.cab.000/spike.exe -> Trojan.Agent.cb : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/systb.exe.000 -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/tdtb.exe.000 -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\912_121.exe -> Trojan.LdPinch.arr : Cleaned with backup (quarantined).
C:\Program Files\Plus!\Themes.zip/Themes/Kiss Saver.scr -> Trojan.NSAnti.A : Cleaned with backup (quarantined).
C:\Program Files\Plus!\Themes\Kiss Saver.scr -> Trojan.NSAnti.A : Cleaned with backup (quarantined).
C:\WINNT\system32\Kiss Saver.scr -> Trojan.NSAnti.A : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/CxtPls.dll.000 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/CxtPls.exe.000 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/ProxyStub.dll.000 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/WinGenerics.dll.000 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\Program Files\Spyware Nuker 2004\backup\200505281710.zip/ace

#12 ljsmith82

Posted 24 September 2006 - 12:29 PM

It won't let me post anymore.

SUPERAntiSpyware Scan Log
Generated 09/20/2006 at 00:05 AM

Core Rules Database Version : 3088
Trace Rules Database Version: 1117

Memory threats detected : 2
Registry threats detected : 528
File threats detected : 138

Adware.NicTech Networks
C:\WINNT\SYSTEM32\MV8OL9L31.DLL
C:\WINNT\SYSTEM32\MV8OL9L31.DLL
C:\WINNT\SYSTEM32\WPHCON.DLL
C:\WINNT\SYSTEM32\WPHCON.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\URL
C:\WINNT\system32\guard.tmp

Adware.BookedSpace
HKLM\Software\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
HKCR\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
HKCR\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
HKCR\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}#AppID
HKCR\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}\InprocServer32
HKCR\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}\InprocServer32#ThreadingModel
HKCR\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}\ProgID
HKCR\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}\Programmable
HKCR\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}\TypeLib
HKCR\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}\VersionIndependentProgID
C:\WINNT\bxxs5.dll
C:\WINNT\zAbstract\ASI5AFF.bsx
C:\WINNT\zAbstract\ASI_SPEC.bsx
C:\WINNT\zAbstract\EECH.bsx
C:\WINNT\zAbstract\MYGEEK3.bsx
C:\WINNT\zAbstract\SPZ5.bsx
C:\WINNT\zAbstract
C:\WINNT\bsx32.ini
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\0
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\0\win32
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\FLAGS
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\HELPDIR
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\ProxyStubClsid
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\ProxyStubClsid32
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\TypeLib
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\TypeLib#Version
HKCR\AppId\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
HKCR\AppID\Scaggy.DLL
HKCR\AppID\Scaggy.DLL#AppID
HKCR\Scaggy.Insert
HKCR\Scaggy.Insert\CLSID
HKCR\Scaggy.Insert\CurVer
HKCR\Scaggy.Insert.1
HKCR\Scaggy.Insert.1\CLSID
HKCR\AppID\{90A52F08-64AC-4DC6-9D7D-451667029898}
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\0
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\0\win32
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\FLAGS
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\HELPDIR

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{0DEADE31-9A37-48B2-921A-7825EA93D32A}
HKCR\CLSID\{0DEADE31-9A37-48B2-921A-7825EA93D32A}
HKCR\CLSID\{0DEADE31-9A37-48B2-921A-7825EA93D32A}
HKCR\CLSID\{0DEADE31-9A37-48B2-921A-7825EA93D32A}\InprocServer32
HKCR\CLSID\{0DEADE31-9A37-48B2-921A-7825EA93D32A}\InprocServer32#ThreadingModel
HKCR\CLSID\{0DEADE31-9A37-48B2-921A-7825EA93D32A}\ProgID
HKCR\CLSID\{0DEADE31-9A37-48B2-921A-7825EA93D32A}\VersionIndependentProgID
C:\WINNT\system32\wdc1n.dll
HKLM\Software\Classes\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\InprocServer32
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\InprocServer32#ThreadingModel
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\ProgID
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\Programmable
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\TypeLib
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\VersionIndependentProgID
C:\WINNT\system32\nsh4.dll
HKLM\Software\Classes\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\InprocServer32
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\InprocServer32#ThreadingModel
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\ProgID
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\Programmable
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\TypeLib
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\VersionIndependentProgID

Spyware.E2G
HKLM\Software\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
HKCR\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
HKCR\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
HKCR\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}#AppID
HKCR\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}#AppId2
HKCR\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}#AppId3
HKCR\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}\InprocServer32
HKCR\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}\InprocServer32#ThreadingModel
HKCR\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}\ProgID
HKCR\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}\Programmable
HKCR\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}\TypeLib
HKCR\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}\VersionIndependentProgID
C:\Program Files\E2G\IeBHOs.dll
HKLM\Software\E2G
HKLM\Software\E2G#installDir
HKLM\Software\E2G#source
HKLM\Software\E2G#checkStarted
HKLM\Software\E2G#id
HKLM\Software\E2G#lastBuild
HKLM\Software\E2G#lastCheck
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e2g Plugin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e2g Plugin#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e2g Plugin#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e2g Plugin#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e2g Plugin#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e2g Plugin#URLInfoAbout
HKCR\AppID\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}
HKCR\appid\iebhos.dll
HKCR\appid\iebhos.dll#AppID
HKCR\IeBHOs.Control
HKCR\IeBHOs.Control\CLSID
HKCR\IeBHOs.Control\CurVer
HKCR\IeBHOs.Control.1
HKCR\IeBHOs.Control.1\CLSID
HKCR\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}
HKCR\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}\1.0
HKCR\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}\1.0\0
HKCR\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}\1.0\0\win32
HKCR\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}\1.0\FLAGS
HKCR\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}\1.0\HELPDIR
C:\Program Files\E2G\data19
C:\Program Files\E2G

Adware.SearchClickAds
HKLM\Software\Classes\CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}
HKCR\CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}
HKCR\CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}
HKCR\CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}#AppID
HKCR\CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}\InprocServer32
HKCR\CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}\InprocServer32#ThreadingModel
HKCR\CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}\ProgID
HKCR\CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}\Programmable
HKCR\CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}\TypeLib
HKCR\CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}\VersionIndependentProgID
C:\WINNT\cfg32r.dll
HKLM\Software\Classes\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}#AppID
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\InprocServer32
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\InprocServer32#ThreadingModel
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\ProgID
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\Programmable
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\TypeLib
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\VersionIndependentProgID
C:\WINNT\cfg32o.dll
HKCR\CFG32S.Search
HKCR\CFG32S.Search\CLSID
HKCR\CFG32S.Search\CurVer
HKCR\CFG32S.Search.1
HKCR\CFG32S.Search.1\CLSID
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\InprocServer32
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\InprocServer32#ThreadingModel
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\ProgID
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\TypeLib
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\VersionIndependentProgID
HKCR\TypeLib\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3}
HKCR\TypeLib\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3}\1.0
HKCR\TypeLib\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3}\1.0\0
HKCR\TypeLib\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3}\1.0\0\win32
HKCR\TypeLib\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3}\1.0\FLAGS
HKCR\TypeLib\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3}\1.0\HELPDIR
HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}
HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0
HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\0
HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\0\win32
HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\FLAGS
HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\HELPDIR
HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}
HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}\ProxyStubClsid
HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}\ProxyStubClsid32
HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}\TypeLib
HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}\TypeLib#Version
HKCR\AppId\CFG32S.DLL
HKCR\AppId\CFG32S.DLL#AppID
HKCR\AppId\{27A1CA0D-78CE-4e23-8A89-2C95C15954B3}
HKLM\SOFTWARE\zAbstract
HKLM\SOFTWARE\zAbstract#r
HKLM\SOFTWARE\zAbstract#App1
HKLM\SOFTWARE\zAbstract#App3
HKLM\SOFTWARE\zAbstract#App4
HKLM\SOFTWARE\zAbstract#App5
HKLM\SOFTWARE\zAbstract#Parent
HKLM\SOFTWARE\zAbstract#App2
HKLM\SOFTWARE\zAbstract#Unique
HKLM\SOFTWARE\zAbstract#Stamp-Spawn
HKLM\SOFTWARE\zAbstract#Stamp-Update
HKLM\SOFTWARE\zAbstract#Count-Update
HKLM\SOFTWARE\zAbstract#Delay-Update
HKLM\SOFTWARE\zAbstract#Delay-EECH
HKLM\SOFTWARE\zAbstract#Delay-SPZ5
HKLM\SOFTWARE\zAbstract#Delay-ASI5AFF
HKLM\SOFTWARE\zAbstract#Delay-MYGEEK3
HKLM\SOFTWARE\zAbstract#Delay-ASI_SPEC
HKLM\SOFTWARE\zAbstract#Campaigns
HKLM\SOFTWARE\zAbstract#Receipt-EECH
HKLM\SOFTWARE\zAbstract#Data-EECH
HKLM\SOFTWARE\zAbstract#Receipt-SPZ5
HKLM\SOFTWARE\zAbstract#Data-SPZ5
HKLM\SOFTWARE\zAbstract#Receipt-ASI5AFF
HKLM\SOFTWARE\zAbstract#Data-ASI5AFF
HKLM\SOFTWARE\zAbstract#Receipt-MYGEEK3
HKLM\SOFTWARE\zAbstract#Data-MYGEEK3
HKLM\SOFTWARE\zAbstract#Receipt-ASI_SPEC
HKLM\SOFTWARE\zAbstract#Data-ASI_SPEC
HKLM\SOFTWARE\zAbstract#Receipt-POKER2
HKLM\SOFTWARE\zAbstract#Receipt-UPG82
C:\WINNT\Uninstall.exe

Adware.Mirar/NetNucleus
HKLM\Software\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Version
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BuildName
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#ShowType
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#PopupCount
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BlockEnable
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Ticket
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Show3X
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
C:\WINNT\system32\WinNB58.dll
HKLM\Software\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid32
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib#Version
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
HKCR\NN_Bar_Dummy.NN_BarDummy
HKCR\NN_Bar_Dummy.NN_BarDummy\CLSID
HKCR\NN_Bar_Dummy.NN_BarDummy\CurVer
HKCR\NN_Bar_Dummy.NN_BarDummy.1
HKCR\NN_Bar_Dummy.NN_BarDummy.1\CLSID
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CLSID
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CurVer
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1\CLSID
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0\win32
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\FLAGS
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\HELPDIR
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\0
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\0\win32
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\FLAGS
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\HELPDIR
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#UninstallString

Adware.Qoologic/QoolAid
HKLM\Software\Classes\CLSID\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}
HKCR\CLSID\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}
HKCR\CLSID\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}
HKCR\CLSID\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}\InProcServer32
HKCR\CLSID\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}\InProcServer32#ThreadingModel
HKCR\CLSID\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}\ProgId
C:\WINNT\system32\dmonwv.dll
HKCR\Folder\shellex\columnhandlers\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}

Spyware.WebSearch (WinTools/HuntBar)
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{339BB23F-A864-48C0-A59F-29EA915965EC}
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc

Adware.SurfSideKick
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks#{02EE5B04-F144-47BB-83FB-A60BD91B74A9}
C:\Documents and Settings\Administrator\Application Data\Sskcwrd.dll
C:\Documents and Settings\Administrator\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Administrator\Application Data\Sskknwrd.dll

Browser Hijacker.Internet Explorer Zone Hijack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#http

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\amory@qksrv[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@www.pacificpoker[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@banners.searchingbooth[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@as-us.falkag[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@www.stopzilla[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@server.lon.liveperson[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@adopt.specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@edge.ru4[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@try.starware[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@ads.addynamix[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@indiads[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@apmebf[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@redorbit[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@jamster[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@adserve.webtoolcafe[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@realmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@recipe[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@admarketplace[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@count2.exitexchange[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@adecn[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@partypoker[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@tribalfusion[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@pacificpoker[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@www.adtrak[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@keywordmax[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@ad.zanox[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@mb[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@www.drivecleaner[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@ads.zwoops[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@regalinteractive[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@www.redorbit[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@count4.exitexchange[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@new-pcp[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@statcounter[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@stats.drivecleaner[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@h.starware[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@revenue[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@zedo[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@count3.exitexchange[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@lynxtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@50881381[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@66702201[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@exitexchange[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@clicksor[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@hc2.humanclick[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@revsci[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@interclick[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@ads.traffic-o-rama[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@count.exitexchange[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@trafficmp[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\amory@cpvfeed[2].txt
C:\Documents and Settings\Administrator\Cookies\amory@drivecleaner[2].txt

Adware.180solutions/Search Assistant
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib#Version
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib#Version
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib#Version

Adware.180solutions/ZangoSearch
HKCR\ClientAX.ClientInstaller
HKCR\ClientAX.ClientInstaller\CLSID
HKCR\ClientAX.ClientInstaller\CurVer
HKCR\ClientAX.ClientInstaller.1
HKCR\ClientAX.ClientInstaller.1\CLSID
HKCR\ClientAX.RequiredComponent
HKCR\ClientAX.RequiredComponent\CLSID
HKCR\ClientAX.RequiredComponent\CurVer
HKCR\ClientAX.RequiredComponent.1
HKCR\ClientAX.RequiredComponent.1\CLSID
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0\win32
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\FLAGS
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\HELPDIR

Adware.WebNexus
HKLM\Software\qstat
HKLM\Software\qstat#double
HKLM\Software\qstat#brr
HKLM\Software\qstat#unq
HKLM\Software\qstat#lid
HKLM\Software\qstat#stat
HKCR\Folder\shellex\columnhandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebNexus
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebNexus#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebNexus#UninstallString

Adware.Ezula
HKLM\SOFTWARE\Microsoft\Direct2D
HKLM\SOFTWARE\Microsoft\Direct2D#affilate_id
HKLM\SOFTWARE\Microsoft\Direct2D#request_queue
HKLM\SOFTWARE\Microsoft\Direct2D#version
HKLM\SOFTWARE\Microsoft\Direct2D#installation_id
HKLM\SOFTWARE\Microsoft\Direct2D#user_id
HKLM\SOFTWARE\Microsoft\Direct2D#db_number
HKLM\SOFTWARE\Microsoft\Direct2D#date
HKLM\SOFTWARE\Microsoft\Direct2D#popup_delay
HKLM\SOFTWARE\Microsoft\Direct2D#refresh_time
HKLM\SOFTWARE\Microsoft\Direct2D#related_pop_type
HKLM\SOFTWARE\Microsoft\Direct2D#ezula_maxdup
HKLM\SOFTWARE\Microsoft\Direct2D#rand_context_distortion
HKLM\SOFTWARE\Microsoft\Direct2D#navigation_error
HKLM\SOFTWARE\Microsoft\Direct2D#popup_time_distortion
HKLM\SOFTWARE\Microsoft\Direct2D#ezula_maxhilight
HKLM\SOFTWARE\Microsoft\Direct2D#rand_contextual_pop_type
HKLM\SOFTWARE\Microsoft\Direct2D#popup_ctx_delay
HKLM\SOFTWARE\Microsoft\Direct2D#fixed_ctx_pop_delay
HKLM\SOFTWARE\Microsoft\Direct2D#fixed_ctx_pop_distortion
HKLM\SOFTWARE\Microsoft\Direct2D#ezula_enabled
HKLM\SOFTWARE\Microsoft\Direct2D#random_contextual_enabled
HKLM\SOFTWARE\Microsoft\Direct2D#program_push_enabled
HKLM\SOFTWARE\Microsoft\Direct2D#icon_drop_enabled
HKLM\SOFTWARE\Microsoft\Direct2D#related_popups_enabled
HKLM\SOFTWARE\Microsoft\Direct2D#fixed_ctx_pop_enabled
HKLM\SOFTWARE\Microsoft\Direct2D#update_url
HKLM\SOFTWARE\Microsoft\Direct2D#internal_affiliate_id
HKLM\SOFTWARE\Microsoft\Direct2D#country_id
HKLM\SOFTWARE\Microsoft\Direct2D#install_timestamp
HKLM\SOFTWARE\Microsoft\Direct2D#last_refresh_time

Adware.Avenue Media/Internet Optimizer
HKCR\DyFuCA_BH.BHObj
HKCR\DyFuCA_BH.BHObj\CLSID
HKCR\DyFuCA_BH.BHObj\CurVer
HKCR\DyFuCA_BH.BHObj.1
HKCR\DyFuCA_BH.BHObj.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TContext
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TContext#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TContext#UninstallString

Adware.QuickLinks
HKCR\Fseytdc.Ariaqudok
HKCR\Fseytdc.Ariaqudok\CLSID
HKCR\Fseytdc.Ariaqudok.1
HKCR\Fseytdc.Ariaqudok.1\CLSID
HKCR\Fseytdc.Yvakt
HKCR\Fseytdc.Yvakt\CLSID
HKCR\Fseytdc.Yvakt.1
HKCR\Fseytdc.Yvakt.1\CLSID

Registry Cleaner Trial
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\Registry Cleaner
HKLM\Software\Registry Cleaner
HKLM\Software\Registry Cleaner\Uninstall
HKLM\Software\Registry Cleaner\Uninstall#UnwisePath
HKLM\Software\Registry Cleaner\Uninstall#InstallLog
HKLM\Software\Registry Cleaner\Uninstall#RCUninstallPath
HKLM\Software\Registry Cleaner\Uninstall#SOPROC
C:\Program Files\Registry Cleaner Trial\regclean.dll
C:\Program Files\Registry Cleaner Trial\RegClean.exe
C:\Program Files\Registry Cleaner Trial\Registry Cleaner.chm
C:\Program Files\Registry Cleaner Trial\RgBndl_dlb1.exe
C:\Program Files\Registry Cleaner Trial\soref.dll
C:\Program Files\Registry Cleaner Trial\soref_rcs.exe
C:\Program Files\Registry Cleaner Trial\soref_rgbndl.exe
C:\Program Files\Registry Cleaner Trial\UninstRegclean.EXE
C:\Program Files\Registry Cleaner Trial\UNWISE.EXE
C:\Program Files\Registry Cleaner Trial
C:\Documents and Settings\Administrator\Application Data\Registry Cleaner

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Trojan.ZenoSearch
C:\WINNT\system32\msnav32.ax

Adware.Adservs
C:\WINNT\system32\atmtd.dll
C:\WINNT\system32\atmtd.dll._

Adware.MediaMotor
HKCR\mm06ocx.mm06ocxf
HKCR\mm06ocx.mm06ocxf\Clsid
HKCR\IObjSafety.DemoCtl
HKCR\IObjSafety.DemoCtl\Clsid
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\Control
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\Implemented Categories
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\InprocServer32
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\InprocServer32#ThreadingModel
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\MiscStatus
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\MiscStatus\1
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\ProgID
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\ToolboxBitmap32
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\TypeLib
HKCR\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\VERSION
HKCR\TypeLib\{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}
HKCR\TypeLib\{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}\2.1
HKCR\TypeLib\{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}\2.1\0
HKCR\TypeLib\{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}\2.1\0\win32
HKCR\TypeLib\{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}\2.1\FLAGS
HKCR\TypeLib\{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}\2.1\HELPDIR
HKCR\Interface\{41E1565D-B7A8-4251-BD79-E6C5FACB2B5F}
HKCR\Interface\{41E1565D-B7A8-4251-BD79-E6C5FACB2B5F}\Forward
HKCR\Interface\{41E1565D-B7A8-4251-BD79-E6C5FACB2B5F}\ProxyStubClsid
HKCR\Interface\{41E1565D-B7A8-4251-BD79-E6C5FACB2B5F}\ProxyStubClsid32
HKCR\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}
HKCR\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\ProxyStubClsid
HKCR\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\ProxyStubClsid32
HKCR\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\TypeLib
HKCR\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\TypeLib#Version
HKCR\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}
HKCR\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\ProxyStubClsid
HKCR\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\ProxyStubClsid32
HKCR\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\TypeLib
HKCR\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\TypeLib#Version
HKCR\Interface\{DB312456-E762-4369-844A-AED9006B1B2F}
HKCR\Interface\{DB312456-E762-4369-844A-AED9006B1B2F}\Forward
HKCR\Interface\{DB312456-E762-4369-844A-AED9006B1B2F}\ProxyStubClsid
HKCR\Interface\{DB312456-E762-4369-844A-AED9006B1B2F}\ProxyStubClsid32
HKCR\Interface\{96866CAD-7F56-4047-9D41-08322B6B79F3}
HKCR\Interface\{96866CAD-7F56-4047-9D41-08322B6B79F3}\ProxyStubClsid
HKCR\Interface\{96866CAD-7F56-4047-9D41-08322B6B79F3}\ProxyStubClsid32
HKCR\Interface\{96866CAD-7F56-4047-9D41-08322B6B79F3}\TypeLib
HKCR\Interface\{96866CAD-7F56-4047-9D41-08322B6B79F3}\TypeLib#Version
HKLM\software\mm
HKLM\software\mm#check
HKLM\software\mm#ntdll.dll
C:\WINNT\mm06y.ini

Trojan.Malware
C:\asdf.txt
HKCR\Interface\{ED3672D8-19B9-400F-8BED-734E6CC2355F}
HKCR\Interface\{ED3672D8-19B9-400F-8BED-734E6CC2355F}\ProxyStubClsid
HKCR\Interface\{ED3672D8-19B9-400F-8BED-734E6CC2355F}\ProxyStubClsid32
HKCR\Interface\{ED3672D8-19B9-400F-8BED-734E6CC2355F}\TypeLib
HKCR\Interface\{ED3672D8-19B9-400F-8BED-734E6CC2355F}\TypeLib#Version

Browser Hijacker.Begin2Search
HKCR\btnetw.amo
HKCR\btnetw.amo\CLSID
HKCR\btnetw.amo\CurVer
HKCR\btnetw.amo.1
HKCR\btnetw.amo.1\CLSID
HKCR\btnetw.iiittt
HKCR\btnetw.iiittt\CLSID
HKCR\btnetw.iiittt\CurVer
HKCR\btnetw.iiittt.1
HKCR\btnetw.iiittt.1\CLSID
HKCR\btnetw.momo
HKCR\btnetw.momo\CLSID
HKCR\btnetw.momo\CurVer
HKCR\btnetw.momo.1
HKCR\btnetw.momo.1\CLSID
HKCR\btnetw.ohb
HKCR\btnetw.ohb\CLSID
HKCR\btnetw.ohb\CurVer
HKCR\btnetw.ohb.1
HKCR\btnetw.ohb.1\CLSID

Adware.Elite Media
C:\WINNT\em06y.ini

Adware.Toolbar888
HKCR\ToolBand.XBTB04715
HKCR\ToolBand.XBTB04715\CLSID
HKCR\ToolBand.XBTB04715\CurVer
HKCR\ToolBand.XBTB04715.1
HKCR\ToolBand.XBTB04715.1\CLSID
HKCR\XBTB04715.IEToolbar
HKCR\XBTB04715.IEToolbar\CLSID
HKCR\XBTB04715.IEToolbar\CurVer
HKCR\XBTB04715.IEToolbar.1
HKCR\XBTB04715.IEToolbar.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB04715.XBTB04715Toolbar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB04715.XBTB04715Toolbar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB04715.XBTB04715Toolbar#UninstallString
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{cbcc61fa-0221-4ccc-b409-cee865caca3a} [ a!L e: ]

Trojan.SmartLoad
HKLM\Software\Microsoft\drsmartload2
HKLM\Software\Microsoft\drsmartload2#Installed
C:\WINDOWS\drsmartload2.dat

Adware.Spyware Labs/Virtual Bouncer
C:\Documents and Settings\Administrator\Start Menu\Programs\Virtual Bouncer\Help.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Virtual Bouncer\Virtual Bouncer.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Virtual Bouncer

Trojan.WinBo32/Enhance
HKLM\Software\System\sysold
HKLM\Software\System\sysold#ms06965618587
HKLM\Software\System\sysold#ms06965618587.exe
HKLM\Software\System\sysold#win3207656185879.exe
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\System\sysuid

Adware.FullContext
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\CMFibula

Trojan.ZQuest
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DH
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DH#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DH#UninstallString
C:\bintheredunthat\DR140306.exe

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-436374069-1383384898-839522115-500\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Adware.ClickSpring/Yazzle
HKCR\YazzleSudokuGame
HKCR\YazzleSudokuGame\DefaultIcon
HKCR\YazzleSudokuGame\shell
HKCR\YazzleSudokuGame\shell\Open
HKCR\YazzleSudokuGame\shell\Open\command
HKLM\Software\Cowabanga
HKLM\Software\Cowabanga#ntdll.dll
C:\Program Files\Cowabanga\License.txt
C:\Program Files\Cowabanga\uninstaller.exe
C:\Program Files\Cowabanga
C:\WINNT\YazzleBundle-1119.exe
C:\WINNT\YazzleBundle-1264.exe

Adware.BitLocker
HKCR\ONONE.Theimp
HKCR\ONONE.Theimp\CLSID
HKCR\ONONE.Theimp\CurVer
HKCR\ONONE.Theimp.1
HKCR\ONONE.Theimp.1\CLSID

Adware.IST/ISTBar (Slotch Bar)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Adware.STIEBar
HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}
HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\ProxyStubClsid
HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\ProxyStubClsid32
HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\TypeLib
HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\TypeLib#Version

Adware.Think-Adz
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#UninstallString

Unclassified.Unknown Origin/System
C:\bintheredunthat\ms048796561852006.exe
C:\bintheredunthat\ms05796561858.exe
C:\bintheredunthat\ms057965618582006.exe
C:\bintheredunthat\ms06965618587.exe
C:\bintheredunthat\ms069656185872006.exe
C:\bintheredunthat\sys011858796562006.exe
C:\bintheredunthat\sys035879656182006.exe
C:\bintheredunthat\sys09618587965.exe
C:\WINNT\win32096185879652006.exe

Trojan.Unknown Origin
C:\bintheredunthat\SS1001.exe
C:\bintheredunthat\ventfe1.exe
C:\WINDOWS\RDFX4.exe
C:\WINDOWS\sk02.exe
C:\WINDOWS\SS1001.exe
C:\WINNT\pf78.exe
C:\WINNT\pf78ba.exe
C:\WINNT\pf79.exe
C:\WINNT\RW5kIFVzZXI\lqc4KIpWtrK.vbs
C:\WINNT\srvkaicjgl.exe
C:\WINNT\system32\wintit.exe
C:\WINNT\tempf.txt
C:\WINNT\Uninst2.htm
C:\WINNT\Unist1.htm

Adware.PTech
C:\WINNT\pi1_34.exe

RelevantKnowledge Spyware Component
C:\WINNT\rk.exe
C:\WINNT\rlvknlg.exe

Adware.Unknown Origin
C:\WINNT\system32\f50i.tcp

TargetSaver, Inc. Process
C:\WINNT\system32\tsuninst.exe

Adware.WeirdOnTheWeb
C:\WINNT\system32\weirdontheweb_ventura.exe


Amory - Sun 09/24/2006 13:13:04.60 Service Pack 4
ComboFix 06.09.20 - Running from: "C:\Documents and Settings\Administrator\Desktop"
Command switches used ::

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\STEM32~1
C:\QooBox\Purity\Program Files\MCROSO~1.NET
C:\QooBox\Purity\Program Files\SSTEM~1
C:\QooBox\Purity\WINNT\SEMBLY~1
C:\QooBox\Purity\WINNT\SEMBLY~1\nslookup.exe
C:\QooBox\Purity\WINNT\SEMBLY~1\??sembly


((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 ))))))))))))))))))))))))))))))))))


2006-09-19 21:54 973,072 --a------ C:\WINNT\system32\sfcfiles.dll
2006-09-19 21:54 938,768 --a------ C:\WINNT\system32\ntdsa.dll
2006-09-19 21:54 69,392 --a------ C:\WINNT\system32\olecli32.dll
2006-09-19 21:54 57,104 --a------ C:\WINNT\system32\wlnotify.dll
2006-09-19 21:54 57,104 --a------ C:\WINNT\system32\w32tm.exe
2006-09-19 21:54 549,136 --a------ C:\WINNT\system32\netcfgx.dll
2006-09-19 21:54 48,400 --a------ C:\WINNT\system32\w32time.dll
2006-09-19 21:54 419,600 --a------ C:\WINNT\system32\USER32.DLL
2006-09-19 21:54 399,120 --a------ C:\WINNT\system32\USERENV.DLL
2006-09-19 21:54 366,864 --a------ C:\WINNT\system32\NETLOGON.DLL
2006-09-19 21:54 29,968 --a------ C:\WINNT\system32\profmap.dll
2006-09-19 21:54 29,456 --a------ C:\WINNT\system32\VDMDBG.DLL
2006-09-19 21:54 261,904 --a------ C:\WINNT\system32\scesrv.dll
2006-09-19 21:54 239,888 --a------ C:\WINNT\system32\wow32.dll
2006-09-19 21:54 186,640 --a------ C:\WINNT\system32\WINLOGON.EXE
2006-09-19 21:54 17,680 --a------ C:\WINNT\system32\seclogon.dll
2006-09-19 21:54 167,184 --a------ C:\WINNT\system32\WINTRUST.DLL
2006-09-19 21:54 151,312 --a------ C:\WINNT\system32\SCHANNEL.DLL
2006-09-19 21:54 146,192 --a------ C:\WINNT\system32\WLDAP32.DLL
2006-09-19 21:54 122,128 --a------ C:\WINNT\system32\mstask.exe
2006-09-19 21:54 117,520 --a------ C:\WINNT\system32\PSBASE.DLL
2006-09-19 21:54 114,448 --a------ C:\WINNT\system32\scecli.dll
2006-09-19 21:54 114,448 --a------ C:\WINNT\system32\newdev.dll
2006-09-19 21:54 1,172,992 --a------ C:\WINNT\system32\msxml3.dll
2006-09-19 21:53 78,096 --a------ C:\WINNT\system32\cryptsvc.dll
2006-09-19 21:53 71,440 --a------ C:\WINNT\system32\browser.dll
2006-09-19 21:53 63,760 --a------ C:\WINNT\system32\adsmsext.dll
2006-09-19 21:53 57,104 --a------ C:\WINNT\system32\mpr.dll
2006-09-19 21:53 563,984 --a------ C:\WINNT\system32\CRYPT32.DLL
2006-09-19 21:53 56,080 --a------ C:\WINNT\system32\cabinet.dll
2006-09-19 21:53 535,824 --a------ C:\WINNT\system32\LSASRV.DLL
2006-09-19 21:53 49,424 --a------ C:\WINNT\system32\EVENTLOG.DLL
2006-09-19 21:53 46,352 --a------ C:\WINNT\system32\BASESRV.DLL
2006-09-19 21:53 443,664 --a------ C:\WINNT\system32\CRYPTUI.DLL
2006-09-19 21:53 338,704 --a------ C:\WINNT\system32\MSGINA.DLL
2006-09-19 21:53 299,792 --a------ C:\WINNT\system32\dsprop.dll
2006-09-19 21:53 241,936 --a------ C:\WINNT\system32\msjtes40.dll
2006-09-19 21:53 236,816 --a------ C:\WINNT\system32\CMD.EXE
2006-09-19 21:53 22,800 --------- C:\WINNT\system32\fltmc.exe
2006-09-19 21:53 18,192 --------- C:\WINNT\system32\fltlib.dll
2006-09-19 21:53 134,928 --a------ C:\WINNT\system32\adsldpc.dll
2006-09-19 21:53 130,832 --a------ C:\WINNT\system32\adsldp.dll
2006-09-19 21:53 1,507,600 --a------ C:\WINNT\system32\msjet40.dll
2006-09-19 20:39 84,992 --a------ C:\WINNT\system32\ATL70.DLL
2006-09-19 20:39 65,536 --a------ C:\WINNT\system32\YCRWin32.dll
2006-09-19 20:39 344,064 --a------ C:\WINNT\system32\msvcr70.dll
2006-09-18 18:05 267,228 --a------ C:\WINNT\popupwithcast.exe
2006-09-18 16:37 926 --a------ C:\WINNT\system32\winpfg32.sys
2006-09-18 16:37 215,308 --a------ C:\WINNT\srvntlbkmq.exe
2006-09-18 16:37 1,007,824 --------- C:\WINNT\wbrtdjc.exe
2006-09-18 16:36 161,872 --a------ C:\WINNT\system32\new.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-20 14:47 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-20 14:31 -------- d-a------ C:\Program Files\Common Files
2006-09-19 23:22 -------- d-------- C:\Program Files\NetMeeting
2006-09-19 23:22 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-19 23:09 -------- d-------- C:\Program Files\SUPERAntiSpyware
2006-09-19 23:09 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-19 23:09 -------- d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2006-09-19 22:58 -------- d-------- C:\Program Files\Windows NT
2006-09-19 22:58 -------- d-------- C:\Program Files\Common Files\WinSoftware
2006-09-19 22:57 -------- d-------- C:\Program Files\Plus!
2006-09-19 22:30 -------- d-a------ C:\Program Files\ewido anti-spyware 4.0
2006-09-19 20:41 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-19 20:41 -------- d-------- C:\Program Files\Visual Networks
2006-09-19 20:40 -------- d-------- C:\Program Files\SBC Yahoo!
2006-09-19 20:40 -------- d-------- C:\Program Files\BroadJump
2006-09-19 20:39 -------- d-------- C:\Program Files\Yahoo!
2006-09-19 20:33 -------- d-------- C:\Program Files\Internet Explorer
2006-09-19 16:53 611 --a------ C:\WINNT\xstlo.dll
2006-09-19 15:11 -------- d-------- C:\Program Files\AdwareSoft
2006-09-19 00:05 -------- d-------- C:\Program Files\HijackThis
2006-09-19 00:02 -------- d-------- C:\Program Files\Zone Labs
2006-09-18 23:59 76560 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2006-09-18 23:57 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2006-09-18 23:03 -------- d-a------ C:\Program Files\Common Files\Microsoft Shared
2006-09-18 23:03 -------- d-------- C:\Program Files\Outlook Express
2006-09-18 23:03 -------- d-------- C:\Program Files\Common Files\System
2006-09-18 23:03 -------- d-------- C:\Program Files\Common Files\Services
2006-09-18 22:31 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-18 22:30 -------- d-------- C:\Program Files\Windows Media Player
2006-09-18 21:13 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2006-09-18 20:08 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-18 19:34 -------- d-------- C:\Program Files\CCleaner
2006-09-18 18:27 -------- d-------- C:\Program Files\AIM
2006-09-18 18:25 -------- d-------- C:\Program Files\AOD
2006-09-18 16:24 -------- d-------- C:\Program Files\Symantec
2006-09-18 16:22 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2006-08-22 12:48 136912 --------- C:\WINNT\system32\drivers\fltmgr.sys
2006-07-25 01:08 840976 --a------ C:\WINNT\system32\mmcndmgr.dll
2006-07-21 11:08 72704 --a------ C:\WINNT\system32\hlink.dll
2006-07-06 11:52 613648 --a------ C:\WINNT\system32\mmc.exe
2006-07-06 07:45 96528 --a------ C:\WINNT\system32\dnsrslvr.dll
2006-06-27 04:30 1427728 --a------ C:\WINNT\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdwareSoft"=""
"Synchronization Manager"="mobsync.exe /logon"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"IPInSightLAN 02"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l"
"IPInSightMonitor 02"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\microsoft frontpage\\vilek.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,5

#13 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts

Posted 24 September 2006 - 12:38 PM

Hi, your log from combofix is incomplete, it got cut off... can you post it again in a new reply please?

#14 ljsmith82

ljsmith82
  • Topic Starter

  • Members
  • 92 posts

Posted 24 September 2006 - 02:26 PM

Amory - Sun 09/24/2006 15:29:24.67 Service Pack 4
ComboFix 06.09.20 - Running from: "C:\Documents and Settings\Administrator\Desktop"
Command switches used ::

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\STEM32~1
C:\QooBox\Purity\Program Files\MCROSO~1.NET
C:\QooBox\Purity\Program Files\SSTEM~1
C:\QooBox\Purity\WINNT\SEMBLY~1
C:\QooBox\Purity\WINNT\SEMBLY~1\nslookup.exe
C:\QooBox\Purity\WINNT\SEMBLY~1\??sembly


((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 ))))))))))))))))))))))))))))))))))


2006-09-19 21:54 973,072 --a------ C:\WINNT\system32\sfcfiles.dll
2006-09-19 21:54 938,768 --a------ C:\WINNT\system32\ntdsa.dll
2006-09-19 21:54 69,392 --a------ C:\WINNT\system32\olecli32.dll
2006-09-19 21:54 57,104 --a------ C:\WINNT\system32\wlnotify.dll
2006-09-19 21:54 57,104 --a------ C:\WINNT\system32\w32tm.exe
2006-09-19 21:54 549,136 --a------ C:\WINNT\system32\netcfgx.dll
2006-09-19 21:54 48,400 --a------ C:\WINNT\system32\w32time.dll
2006-09-19 21:54 419,600 --a------ C:\WINNT\system32\USER32.DLL
2006-09-19 21:54 399,120 --a------ C:\WINNT\system32\USERENV.DLL
2006-09-19 21:54 366,864 --a------ C:\WINNT\system32\NETLOGON.DLL
2006-09-19 21:54 29,968 --a------ C:\WINNT\system32\profmap.dll
2006-09-19 21:54 29,456 --a------ C:\WINNT\system32\VDMDBG.DLL
2006-09-19 21:54 261,904 --a------ C:\WINNT\system32\scesrv.dll
2006-09-19 21:54 239,888 --a------ C:\WINNT\system32\wow32.dll
2006-09-19 21:54 186,640 --a------ C:\WINNT\system32\WINLOGON.EXE
2006-09-19 21:54 17,680 --a------ C:\WINNT\system32\seclogon.dll
2006-09-19 21:54 167,184 --a------ C:\WINNT\system32\WINTRUST.DLL
2006-09-19 21:54 151,312 --a------ C:\WINNT\system32\SCHANNEL.DLL
2006-09-19 21:54 146,192 --a------ C:\WINNT\system32\WLDAP32.DLL
2006-09-19 21:54 122,128 --a------ C:\WINNT\system32\mstask.exe
2006-09-19 21:54 117,520 --a------ C:\WINNT\system32\PSBASE.DLL
2006-09-19 21:54 114,448 --a------ C:\WINNT\system32\scecli.dll
2006-09-19 21:54 114,448 --a------ C:\WINNT\system32\newdev.dll
2006-09-19 21:54 1,172,992 --a------ C:\WINNT\system32\msxml3.dll
2006-09-19 21:53 78,096 --a------ C:\WINNT\system32\cryptsvc.dll
2006-09-19 21:53 71,440 --a------ C:\WINNT\system32\browser.dll
2006-09-19 21:53 63,760 --a------ C:\WINNT\system32\adsmsext.dll
2006-09-19 21:53 57,104 --a------ C:\WINNT\system32\mpr.dll
2006-09-19 21:53 563,984 --a------ C:\WINNT\system32\CRYPT32.DLL
2006-09-19 21:53 56,080 --a------ C:\WINNT\system32\cabinet.dll
2006-09-19 21:53 535,824 --a------ C:\WINNT\system32\LSASRV.DLL
2006-09-19 21:53 49,424 --a------ C:\WINNT\system32\EVENTLOG.DLL
2006-09-19 21:53 46,352 --a------ C:\WINNT\system32\BASESRV.DLL
2006-09-19 21:53 443,664 --a------ C:\WINNT\system32\CRYPTUI.DLL
2006-09-19 21:53 338,704 --a------ C:\WINNT\system32\MSGINA.DLL
2006-09-19 21:53 299,792 --a------ C:\WINNT\system32\dsprop.dll
2006-09-19 21:53 241,936 --a------ C:\WINNT\system32\msjtes40.dll
2006-09-19 21:53 236,816 --a------ C:\WINNT\system32\CMD.EXE
2006-09-19 21:53 22,800 --------- C:\WINNT\system32\fltmc.exe
2006-09-19 21:53 18,192 --------- C:\WINNT\system32\fltlib.dll
2006-09-19 21:53 134,928 --a------ C:\WINNT\system32\adsldpc.dll
2006-09-19 21:53 130,832 --a------ C:\WINNT\system32\adsldp.dll
2006-09-19 21:53 1,507,600 --a------ C:\WINNT\system32\msjet40.dll
2006-09-19 20:39 84,992 --a------ C:\WINNT\system32\ATL70.DLL
2006-09-19 20:39 65,536 --a------ C:\WINNT\system32\YCRWin32.dll
2006-09-19 20:39 344,064 --a------ C:\WINNT\system32\msvcr70.dll
2006-09-18 18:05 267,228 --a------ C:\WINNT\popupwithcast.exe
2006-09-18 16:37 926 --a------ C:\WINNT\system32\winpfg32.sys
2006-09-18 16:37 215,308 --a------ C:\WINNT\srvntlbkmq.exe
2006-09-18 16:37 1,007,824 --------- C:\WINNT\wbrtdjc.exe
2006-09-18 16:36 161,872 --a------ C:\WINNT\system32\new.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-24 13:26 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-20 14:31 -------- d-a------ C:\Program Files\Common Files
2006-09-19 23:22 -------- d-------- C:\Program Files\NetMeeting
2006-09-19 23:22 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-19 23:09 -------- d-------- C:\Program Files\SUPERAntiSpyware
2006-09-19 23:09 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-19 23:09 -------- d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2006-09-19 22:58 -------- d-------- C:\Program Files\Windows NT
2006-09-19 22:58 -------- d-------- C:\Program Files\Common Files\WinSoftware
2006-09-19 22:57 -------- d-------- C:\Program Files\Plus!
2006-09-19 22:30 -------- d-a------ C:\Program Files\ewido anti-spyware 4.0
2006-09-19 20:41 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-19 20:41 -------- d-------- C:\Program Files\Visual Networks
2006-09-19 20:40 -------- d-------- C:\Program Files\SBC Yahoo!
2006-09-19 20:40 -------- d-------- C:\Program Files\BroadJump
2006-09-19 20:39 -------- d-------- C:\Program Files\Yahoo!
2006-09-19 20:33 -------- d-------- C:\Program Files\Internet Explorer
2006-09-19 16:53 611 --a------ C:\WINNT\xstlo.dll
2006-09-19 15:11 -------- d-------- C:\Program Files\AdwareSoft
2006-09-19 00:05 -------- d-------- C:\Program Files\HijackThis
2006-09-19 00:02 -------- d-------- C:\Program Files\Zone Labs
2006-09-18 23:59 76560 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2006-09-18 23:57 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2006-09-18 23:03 -------- d-a------ C:\Program Files\Common Files\Microsoft Shared
2006-09-18 23:03 -------- d-------- C:\Program Files\Outlook Express
2006-09-18 23:03 -------- d-------- C:\Program Files\Common Files\System
2006-09-18 23:03 -------- d-------- C:\Program Files\Common Files\Services
2006-09-18 22:31 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-18 22:30 -------- d-------- C:\Program Files\Windows Media Player
2006-09-18 21:13 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2006-09-18 20:08 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-18 19:34 -------- d-------- C:\Program Files\CCleaner
2006-09-18 18:27 -------- d-------- C:\Program Files\AIM
2006-09-18 18:25 -------- d-------- C:\Program Files\AOD
2006-09-18 16:24 -------- d-------- C:\Program Files\Symantec
2006-09-18 16:22 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2006-08-22 12:48 136912 --------- C:\WINNT\system32\drivers\fltmgr.sys
2006-07-25 01:08 840976 --a------ C:\WINNT\system32\mmcndmgr.dll
2006-07-21 11:08 72704 --a------ C:\WINNT\system32\hlink.dll
2006-07-06 11:52 613648 --a------ C:\WINNT\system32\mmc.exe
2006-07-06 07:45 96528 --a------ C:\WINNT\system32\dnsrslvr.dll
2006-06-27 04:30 1427728 --a------ C:\WINNT\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdwareSoft"=""
"Synchronization Manager"="mobsync.exe /logon"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"IPInSightLAN 02"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l"
"IPInSightMonitor 02"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\microsoft frontpage\\vilek.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\NetMeeting\\sajyhyc.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3b,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"^SetupICWDesktop"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\Symantec NetDetect.job

Completion time: Sun 2006-09-24 15:29:50.74
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#15 miekiemoes

Posted 24 September 2006 - 02:53 PM

Ok, let's deal with the leftovers now...

Delete the next files:

C:\Program Files\microsoft frontpage\vilek.html <== may not be present anymore
C:\Program Files\NetMeeting\sajyhyc.html <== may not be present anymore
C:\WINNT\xstlo.dll
C:\WINNT\popupwithcast.exe
C:\WINNT\system32\winpfg32.sys
C:\WINNT\srvntlbkmq.exe
C:\WINNT\wbrtdjc.exe
C:\WINNT\system32\new.exe

Open HijackThis, click Scan and check the next entries:

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab


Click Fix checked below. Make sure your Internet Explorer is closed when you hit 'Fix checked'.

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")
Hit ok below > apply in previous window.

Go to start > run and copy and paste the next command in the field:

regsvr32 webcheck.dll

Hit enter.

As an additional check, perform the following:

Download and save Blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
Click > Scan then > Next.
You'll see a list of all items found.
Don't choose Rename yet! I want to see the log first, because legit items can also be present there...
There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
Post the contents of the log in your next reply together with a new HijackThis log.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
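
The Desktop\Components check behind the Web-tab step above, as an added example that is not part of the original post: it parses regedit-export-style text like the "Reg Loading Points" section of the log and lists Active Desktop items whose Source is anything other than About:Home, for manual review. The sample input is constructed with placeholder paths, and the function names are this example's own.

```python
import re

# Constructed sample in the regedit-export style of a "Reg Loading Points"
# section; the directory and file names are placeholders.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\ExampleDir\\example1.html"
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,\
03,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"FriendlyName"="My Current Home Page"
'''

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from regedit-export-style text."""
    keys, current, pending = {}, None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def unquote(data):
    """Decode a quoted string value, undoing backslash escapes; None if not a string."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r'\\(.)', r'\1', data[1:-1])
    return None

COMPONENT = re.compile(r'\\Internet Explorer\\Desktop\\Components\\\d+$', re.I)

def desktop_items_to_review(keys):
    """Active Desktop items whose Source is anything other than About:Home."""
    hits = []
    for path, values in keys.items():
        src = unquote(values.get("Source", ""))
        if COMPONENT.search(path) and src and src.lower() != "about:home":
            hits.append((path.rsplit("\\", 1)[1], src))
    return hits
```
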



