Multi problems. Virus, format, hardware

*Deep breath*
Ok, here it goes. First, If this is in the wrong topic, I'm sorry. The problem started with viruses.
Second, my boyfriend is an idiot. He had absolutly no type of anti virus, spyware, malware, adware protection. Different scans gave me different numbers, but but somewhere in the vicinity of 250 to 300 infections. Running win xp btw. So, I , in all my brilliance decide to format. Seemed to easy way to get rid of it all. "Not so fast, my friend." It seems I have a virus or 13 that decided to erase all signs of my cd roms. It will detect in dos, well, when booting. I know. That should be it, However, when I put in the XP disk, It goes through loading some files, till I get a NEW blue screen. (as opposed to the old ME version.) It tells me something about something harming windows and that it was shut down for it's own good. It tells me to run av program and checkdsk. Or something like that. Well, thats fine. I would LOVE to install some av on the $^&@ machine, but when I boot into windows regular OR safe mode, no cd roms. I'm stuck. I figure a well placed kick would help, but I know I would break my toe, and then I would REALLY be mad. Can someone help please? Or just tell me to stick some paper under it?

 

Hello Bama7470, welcome to Afterdawn. Let's see if we can find your problem/s.

Please download HijackThis from here.
Create a folder in C:\ named HjT.
Extract HijackThis to the new folder.
Open HijackThis.exe and click "Do a system scan and save a log file".
Copy/paste the log in your next reply.

 

Sorry this takes so long. I'm having to use a jumpdrive to go between computers. Here is log:

Logfile of HijackThis v1.99.1
Scan saved at 12:06:05 AM, on 10/13/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\pbgnm\shedtf.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\xfhimo.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\System32\icasServ.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\SWOD.exe
C:\WINDOWS\System32\087qua9h.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\prefs.js)
O2 - BHO: Bucket Class - {00000001-C003-4A2F-9142-7CB1D78DE6C1} - C:\WINDOWS\tct101.dll
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
O2 - BHO: (no name) - {542375E4-FE89-DF4E-639A-7D0873A7BDC4} - C:\WINDOWS\System32\cn4O2FlC.dll (file missing)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [s38U34T] winsink.exe
O4 - HKLM\..\Run: [shedtf] C:\WINDOWS\System32\pbgnm\shedtf.exe
O4 - HKLM\..\Run: [vqdcf] C:\WINDOWS\System32\wptgovu\vqdcf.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Smitty\LOCALS~1\Temp\lpmrgjq.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [icasServ] C:\WINDOWS\System32\icasServ.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SWOD] C:\WINDOWS\SWOD.exe
O4 - HKLM\..\Run: [087qua9h] C:\WINDOWS\System32\087qua9h.exe
O4 - HKLM\..\Run: [wbdcdrw] c:\windows\system32\dgrsrww.exe
O4 - HKLM\..\Run: [:C=e] C:\WINDOWS\SWOD.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\SWOD.exe
O4 - HKLM\..\Run: [rihqvv4p] C:\WINDOWS\System32\rihqvv4p.exe
O4 - HKLM\..\Run: [txcuxff] C:\WINDOWS\System32\xfhimo.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [inetcomm] C:\WINDOWS\System32\inetcomm.exe
O4 - HKCU\..\Run: [d0r8RQfng] txfnds.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nesunex.mht!http://adextension.com/ext1/ysa.chm::/ysb_regular.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nesunem.mht!http://adextension.com/ext1/mma.chm::/joysaver.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: PgtvilTpB - {542375DE-FE89-DF74-AA16-6C1C73A7BDC1} - C:\WINDOWS\System32\rfgae.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: shedtfpbgnm - Unknown owner - C:\WINDOWS\System32\pbgnm\shedtf.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

My, but your busy. Thanks for helping.

 

I am not trying to bump, but Yes, there are av on it now, But I didn't get it on there till MUCH to late. I would run some of them, and they would say it was clear, but I reboot comp, and Voila, there the %$%$* they were again. It is NOT hooked up to the net now, I don't know if that will help any or not.

 

Oh my! Where to start?

Windows [bold]needs[/bold] SP1, please when you can get online update to SP1. Do not get SP2 until your clean.

I think we'll hit Nail/Epolvy/DSR first as they are internet killers.

Go here to download the trial version of [bold]AVG Anti-spyware[/bold].
Go here and download [bold]Nail/Aurora Fix Setup[/bold](7th file on page)
Go here and download [bold]CCleaner[/bold].
Go here and download [bold]dsrfix.zip[/bold].
Go here and download [bold]APT[/bold].

Trasnfer all to the desktop.

Install AVG Anti-spyware.
Do not run a scan yet, we will later.

Install CCleaner and open.
Click Options > Advanced > uncheck "Only delete files in Windows Temp folder older than 48 hours".
Close CCleaner.

Unzip dsrfix to the desktop.
Do not run it yet, we will later.

Unzip APT to a new folder.
Open the folder and open apt.exe.
Search for [bold]xfhimo.exe[/bold]
Open your C:\WINDOWS\System32 folder and search for [bold]xfhimo.exe[/bold]. Don't delete it yet, just leave the System32 folder open so you can see the bad file.
In APT again, select [bold]xfhimo.exe[/bold] and click "Kill3".
Then immediately delete [bold]xfhimo.exe[/bold] from your System32 folder.

Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu and press Enter).

Open nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly, this is normal.

Open AVG AS and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report".
Click "Save report as" and save it to the desktop.

Open HijackThis and run a scan only and check these(if there):

[bold]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [txcuxff] C:\WINDOWS\System32\xfhimo.exe r[/bold]

Close all windows except HjT then click "Fix checked".
Close HjT.

Now open the folder dsrfix on your desktop.
Double-Click on dsrfix.bat.
A window will pop up briefly then close, this is normal.

Show all files.
Control Panel > Folder Options > View tab > check "Show hidden files and folders".

Find and delete the following files(if there):
C:\WINDOWS\[bold]dinst.exe[/bold]
C:\WINDOWS\[bold]dsr.dll[/bold]
C:\WINDOWS\[bold]AuroraHandler.dll[/bold]

Empty the Recycle Bin.

Close all windows.
Open CCleaner.
Click "Run cleaner".

Run a scan with HijackThis and get a new log.
Post back with the AVG report and the HjT log.

 

Forgot to ask: do you want to try to clean everything or do you want reformat when you can use discs again?

 

Reformat. Please. I'm not a complete idiot whan it comes to computers, but I think this is WAY beyond me. Is it infact viruses keeping me from the cdroms? I thought it was because I could access them on start up before windows loaded. Will take me awhile to get all the proggies d/l and transfered. Will reply again when finished with your list.
Thanks soooooo much for you help. And your response said it all, lol.

 

I'm sorry to double post. Haven't learned to edit yet. I cannot use APT to kill xfhimo.exe. It tells me "Process still exist. Terminations appears to have been unsucessful." Should I try it in safe mode?

 

Most likely.

To edit, click the paper icon in the top right of the post.

Open HijackThis.
Click "Open misc tools section".
Click "Delete a file on reboot..."
Find C:\WINDOWS\System32\xfhimo.exe and select it.
Restart in safe mode and continue with nailfix.

 

sorry bout the double post. had to be the long one right?

 

WHEW!

AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:18:01 AM 10/14/2006

+ Scan result:



C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\backups\backup-20050829-222814-830.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\backups\backup-20050829-223200-791.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant\salm.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant\salm_gdf.dat -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant\salm_kyf.dat -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant\salmau.dat -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant\salmhook.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ncmyb.SABHO -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ncmyb.SABHO.1 -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ncmyb.SABHO\CLSID -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ncmyb.SABHO\CurVer -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ADPower -> Adware.AdPowerZone : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ADPower\SkyH2 -> Adware.AdPowerZone : Cleaned with backup (quarantined).
C:\WINDOWS\system32\exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\exdl0.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/cashback.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\psis80ex.ax/C:/WINDOWS/System32/mscb.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Adware.BargainBuddy : Error during cleaning.
HKLM\SOFTWARE\Classes\ADP.UrlCatcher.1 -> Adware.BargainBuddy : Error during cleaning.
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Adware.BargainBuddy : Error during cleaning.
C:\WINDOWS\system32\cache32_rtneg2 -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cache32_rtneg2\msg.bin -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\_rtneg2 -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\_rtneg2\eeennn -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\_rtneg2\kkws -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\_rtneg2\ppops -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\_rtneg2\reel -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\_rtneg2\ssites -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3F833E74-31C3-4BE4-ADB8-6A25C0\CDDF04E7-9BB1-49E3-A264-93875B -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\AuroraHandler.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\dinst.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\psuwwop.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\devlphcv.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BolgerDll.BolgerDllObj.1 -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4AA870AC-8427-42a4-B92E-ECD956197489} -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4AA870AC-8427-42a4-B92E-ECD956197489} -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\AuroraHandler -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\aurora -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\AuroraHandler -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\aurora -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\AuroraHandler -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/cb.exe -> Adware.CashBack : Cleaned with backup (quarantined).
C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/flash.exe -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute.1 -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Adware.CashBack : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4BC989F5-CF96-470E-8AD3-9BC07B\A1D219FF-B10E-4950-9A94-3F4CEA -> Adware.CoolBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{65365E5C-A84C-79CB-4FC6-7C1BFA8DEF55} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\5F87BA35-7600-4CC6-BD92-6E45C9\3D8A579C-1B93-4D2C-920E-F3DBBE -> Adware.ImiBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\E14467A1-ED26-41EE-9DC5-4606A5\3EE4B048-5A19-4056-9029-9E0489 -> Adware.ImiBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-764733703-1060284298-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Error during cleaning.
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Error during cleaning.
HKLM\SOFTWARE\YourSiteBar\Historystring -> Adware.ISTBar : Error during cleaning.
HKU\.DEFAULT\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\WINDOWS\SWOD.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl -> Adware.MediaMotor : Error during cleaning.
HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl\Clsid -> Adware.MediaMotor : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Pynix -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Pynix -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\mit1AB.tmp.cab/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\mit1AB.tmp/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj.1 -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CLSID -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CurVer -> Adware.MoneyTree : Error during cleaning.
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\20AB5F9A-8EC5-431C-BE12-5AEB26 -> Adware.Pacer : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\D16551C6-C547-4104-BAFD-A4D02E -> Adware.Pacer : Cleaned with backup (quarantined).
C:\WINDOWS\1bemq711.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\bundle_mediamotor1004.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\idbfojf4.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\shop1004.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\system32\087qua9h.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\system32\d004ujq1.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pj424ps1.dll -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\system32\q69pffph.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qlcumseo.dll -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rihqvv4p.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\876029.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\_detmp.1:giibng -> Adware.SearchPage : Cleaned with backup (quarantined).
C:\WINDOWS\system32\srlxi.dll -> Adware.SearchPage : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\Install.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\LOADER2.Loader2Ctrl.1 -> Adware.TopConverting : Error during cleaning.
C:\Program Files\Microsoft AntiSpyware\Quarantine\93C2EE72-D60A-41B7-8E4D-67F931\22BC7593-864D-486C-AADD-64F02B -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\93C2EE72-D60A-41B7-8E4D-67F931\55E442F6-E7F6-423B-9BB6-EFA4BF -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\WINDOWS\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\WINDOWS\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\WINDOWS\ucmoreiex.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Bolger -> Adware.VX2 : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Bolger -> Adware.VX2 : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Toolbar\Server -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Toolbar\UrlSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Toolbar\Server -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Toolbar\UrlSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\WeirdOnTheWeb\weirdontheweb.exe -> Adware.WeirWeb : Cleaned with backup (quarantined).
C:\WINDOWS\weirdontheweb_topc.exe -> Adware.WeirWeb : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K3HJMYV5\MediaPass[1].exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y99YBQTW\MediaPassC[1].dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y99YBQTW\bridge-c18[1].cab/MediaPassX.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZEWZ3L81\MediaPassK[1].exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\backups\backup-20050829-223159-459.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Media Gateway\MediaGateway.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\9D062E58-CD4C-46DF-B74D-4202CD\9D127246-8C3E-4C76-93D3-0FEC92 -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\9D062E58-CD4C-46DF-B74D-4202CD\CBE384B2-DFD8-49A2-9542-CDF7B1 -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Mozilla Firefox\plugins\npzango.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Netscape\Netscape Browser\plugins\npzango.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Netscape\Netscape\plugins\npzango.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MediaPass.Installer -> Adware.WinAd : Error during cleaning.
HKLM\SOFTWARE\Classes\MediaPass.Installer\CLSID -> Adware.WinAd : Error during cleaning.
HKLM\SOFTWARE\Classes\MediaPass.Installer\CurVer -> Adware.WinAd : Error during cleaning.
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Adware.YourSiteBar : Error during cleaning.
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Adware.YourSiteBar : Error during cleaning.
C:\WINDOWS\unstall.exe -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CLSID -> Adware.Zango : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CurVer -> Adware.Zango : Error during cleaning.
C:\Documents and Settings\All Users\Application Data\AntiSpyInfo\spm1316.dll.q_804EA00_q -> Backdoor.Agent.en : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\AntiSpyInfo\wer1316.dll.q_804EA00_q -> Backdoor.Agent.en : Cleaned with backup (quarantined).
C:\WINDOWS\installer_SIAC.exe -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0037469.ini:rwvsb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\DeLGPS.ini:erygv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Sa4_draw.ini:llpqp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Sa4_wksp.ini:rwvsb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\education.url:xsrlx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log:ujrxb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vbaddin.ini:zpvzc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SIERRA.INI:cqycx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\Sti_Trace.log:nkccv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\_detmp.1:smbssw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\tsc.ptn:fluhx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\backups\backup-20050829-223200-374.dll -> Downloader.Agent.ex : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\25F01AAB-A6AC-4CCA-A0BC-5DE6A2 -> Downloader.Agent.lg : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\7DB1C357-EF64-4ED5-998E-66326E -> Downloader.Agent.lg : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\C7665094-CF04-4FD6-B12E-2CABE8 -> Downloader.Agent.lg : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\E252D8E5-AEF3-4935-B51C-792F29 -> Downloader.Agent.lg : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\5FDDE408-1E2C-4859-8E26-7F7219 -> Downloader.Agent.mw : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Ry7Ggd3z.exe -> Downloader.Agent.tw : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\054DA9A8-7CC4-4CF8-BB75-AD6B2C -> Downloader.Delf.ky : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\47F306CC-A260-4120-A358-9C2951 -> Downloader.Delf.ky : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\B37B3AB6-B24F-4CA8-A53F-C34847 -> Downloader.Delf.ky : Cleaned with backup (quarantined).
C:\WINDOWS\nem220.dll -> Downloader.Dyfuca : Cleaned with backup (quarantined).
C:\WINDOWS\wsem303.dll -> Downloader.Dyfuca.dt : Cleaned with backup (quarantined).
C:\WINDOWS\tct101.dll -> Downloader.Dyfuca.eg : Cleaned with backup (quarantined).
C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ei : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1D256F57-D35F-4F13-9587-DFB2C0\82F13DA5-F8C4-4511-891E-E8CCA9 -> Downloader.Intexp.c : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1E39F11F-666E-4296-AE00-234EA7\6C49B818-BA0E-4AF1-9940-CBBB85 -> Downloader.Intexp.c : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2ACA9349-E5C3-4C2C-AA31-D5A949\DBB841E1-45A9-409E-8FEF-BCA3A0 -> Downloader.Intexp.c : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\810EEEE2-6E79-4546-B986-6E0035\7399495D-3C20-4FA2-B39B-0679D4 -> Downloader.Intexp.c : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\D8175A87-C466-4C73-9FCC-63D218\1BF39802-D228-4C01-A2D5-3E9E6F -> Downloader.Intexp.c : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\DDE52800-C0FB-4AEE-B376-1762B8\1A6D103B-B7E2-497C-AD4A-EAD6F7 -> Downloader.Intexp.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\backups\backup-20050829-223159-566.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\D97F74EF-4C8B-4137-AF22-B2AE3C\F632A7F2-B88A-409C-A0D6-ED9677 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\ICD1.tmp\ysbactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XJFRL146\istdownload[1].exe -> Downloader.IstBar.lz : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\iinstall.exe -> Downloader.IstBar.lz : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\18FB7BE4-9E73-48CB-A46F-360A7D\3965CBA5-6B45-47CC-8E79-BD7175 -> Downloader.Small : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\18FB7BE4-9E73-48CB-A46F-360A7D\F1BC0CCE-E5E5-43F8-B011-6E5965 -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Del1AA.tmp -> Downloader.Small.asf : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BD4C928-8C68-4D7D-84FB-86A272\7192ED0B-3CBE-47B2-9223-F8F0A4 -> Downloader.VB.eu : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\mm81.ocx -> Downloader.VB.ov : Cleaned with backup (quarantined).
C:\WINDOWS\mm81.ocx -> Downloader.VB.ov : Cleaned with backup (quarantined).
C:\command.exe -> Dropper.Delf.ev : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\E0BC078C-356F-4774-B8F9-2F1A13\A0BEDB48-9AAD-4136-80C0-2BE28C -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\WINDOWS\SSK3_B5.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\WINDOWS\system32\icasServ.exe -> Hijacker.Small.fd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rfgae.dll -> Proxy.Agent.df : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.206:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.207:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@buycom.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@abcsearch[2].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@ad.admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@ad.admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.152:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.153:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.203:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.204:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.167:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.168:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.169:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.170:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.171:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.172:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.173:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.174:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.175:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.176:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.100:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.20:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.137:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.210:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.208:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.209:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.211:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.197:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.198:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.199:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.200:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.181:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.182:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@cz9.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@cliks[1].txt -> TrackingCookie.Cliks : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.67:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@www.directnetadvertising[1].txt -> TrackingCookie.Directnetadvertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.35:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.36:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.37:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@e-2dj6wfmysiazskp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@e-2dj6wfkiwod5ogq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@e-2dj6wjl4uicjsbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@e-2dj6wjliekajigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@e-2dj6wjnyggczmco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.96:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.97:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.98:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
:mozilla.44:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.127:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.39:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.147:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.122:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.125:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.40:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.41:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.138:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.139:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.21:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.26:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.28:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.10:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.11:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.12:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.13:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.14:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.15:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.16:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.17:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.18:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.19:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.20:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.21:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.22:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.23:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.24:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.25:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.26:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.27:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.28:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.29:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.30:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.31:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.32:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.33:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.34:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.35:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.36:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.37:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.38:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.40:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.41:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.42:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.43:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.45:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.47:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.48:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.51:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.52:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.53:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.55:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.56:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.57:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.8:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.9:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@ws.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.66:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.67:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.68:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.69:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@www.shopathomeselect[2].txt -> TrackingCookie.Shopathomeselect : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@www.shopathomeselect[1].txt -> TrackingCookie.Shopathomeselect : Cleaned.
:mozilla.108:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.109:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.110:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.111:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.134:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.135:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@starware[2].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.102:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.150:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.151:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.52:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.53:C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@clickthrough.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
:mozilla.112:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.113:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.114:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.115:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.116:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.117:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.118:C:\Documents and Settings\Smitty\Application Data\Netscape\NSB\Profiles\x5hf03h1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@c5.zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Smitty\Cookies\smitty@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\_detmp.1:alqfym -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\erygv.datsjrs -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\win.ini:jigee -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\04D42C3E-2893-44E0-9A13-36D0CB\0E5F7FAE-1987-4877-A51F-415288 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1F9B20F2-7E93-4C96-B576-8BD52A\123A572A-946C-4D5D-98B5-005713 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\280C7FD9-D54E-41EE-BDAD-ADBA2B\D033F5F9-665D-496D-B4D0-0D3798 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\40C74A31-5C28-4B9C-83D9-3373EB\02A7123A-AA0E-4079-AE06-76D543 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4C8F4611-E959-43B1-9524-CEDFA7\233B7AC0-F9D1-4D4A-BB8F-EDB3D3 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\5AE32E6B-8B9F-4117-8AEC-4988A5\BCC8E5E0-410D-4839-8E25-9389F4 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\764A5B94-ED78-4951-91AF-5C9577\932358AC-3B33-4A9B-8BDA-7A8151 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\B144ED1F-C4EA-45B7-AB1E-BF1CD2\F7551CFB-99E8-428C-90D3-D422D5 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\B37A6D6E-F9C6-4302-8CC8-E49A56\25F4E55E-3E18-4464-8F0D-3B5148 -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBFA8E12-7FD1-49CE-8C75-1C6592\6E973BEB-288D-4A4B-B03A-BACFDA -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\F9CB7ACE-02CC-469B-A3EF-598AED\DABBDCF8-6019-45DF-9DF7-252A6B -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP167\A0042525.dll -> Trojan.Agent.db : Cleaned with backup (quarantined).
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP167\A0042523.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP167\A0042524.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0036454.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0037454.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0037464.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0037504.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0038503.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0038504.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0039504.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0040504.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0042504.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP166\A0042510.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D00CC5-4146-46CB-9AE9-8BA7BBF618F0}\RP167\A0042519.exe -> Trojan.Poler.a : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B79DF2B-6EF3-4BE9-889D-72B609\518D3A11-CF4A-4AB5-B095-CA32DC -> Trojan.VB.ux : Cleaned with backup (quarantined).


::Report end

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 12:35:40 AM, on 10/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\prefs.js)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {542375E4-FE89-DF4E-639A-7D0873A7BDC4} - C:\WINDOWS\System32\cn4O2FlC.dll (file missing)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [s38U34T] winsink.exe
O4 - HKLM\..\Run: [shedtf] C:\WINDOWS\System32\pbgnm\shedtf.exe
O4 - HKLM\..\Run: [vqdcf] C:\WINDOWS\System32\wptgovu\vqdcf.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Smitty\LOCALS~1\Temp\lpmrgjq.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [wbdcdrw] c:\windows\system32\dgrsrww.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\SWOD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [inetcomm] C:\WINDOWS\System32\inetcomm.exe
O4 - HKCU\..\Run: [d0r8RQfng] txfnds.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nesunex.mht!http://adextension.com/ext1/ysa.chm::/ysb_regular.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nesunem.mht!http://adextension.com/ext1/mma.chm::/joysaver.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: PgtvilTpB - {542375DE-FE89-DF74-AA16-6C1C73A7BDC1} - C:\WINDOWS\System32\rfgae.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: shedtfpbgnm - Unknown owner - C:\WINDOWS\System32\pbgnm\shedtf.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Gosh.

 

Edited: Last HjT scan was run in safe mode. Always scan in normal mode to get a new log.

Oh, and please edit one of those posts. (click the paper icon in the top right of the post)

Instructions below...

 

Go here and download [bold]Spybot Search and Destroy[/bold] and install it.
Will run a scan later in safe mode.

Go to Start > Run > type services.msc
Find [bold]shedtfpbgnm[/bold] and double click it.
Click Stop.
Close services.msc

Open HijackThis.
Click "Open the misc tools section".
Click "Delete an NT service".
Copy/Paste this into the box and click OK.
[bold]O23 - Service: shedtfpbgnm - Unknown owner - C:\WINDOWS\System32\pbgnm\shedtf.exe[/bold]
Close HijackThis.

[bold]Note[/bold]: print these instructions or copy to Notepad and save it, you will be in safe mode and can't access the internet.

Restart in safe mode.
Open Spybot.
Click "Check for Problems".
When it finishes, click "Fix selected problems".
Right click and select "Copy results" (not full report)
Open Notepad, paste and save them.

Open and fix these with HijackThis(if there):

[bold]O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {542375E4-FE89-DF4E-639A-7D0873A7BDC4} - C:\WINDOWS\System32\cn4O2FlC.dll (file missing)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [s38U34T] winsink.exe
O4 - HKLM\..\Run: [shedtf] C:\WINDOWS\System32\pbgnm\shedtf.exe
O4 - HKLM\..\Run: [vqdcf] C:\WINDOWS\System32\wptgovu\vqdcf.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Smitty\LOCALS~1\Temp\lpmrgjq.exe
O4 - HKLM\..\Run: [wbdcdrw] c:\windows\system32\dgrsrww.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\SWOD.exe
O4 - HKCU\..\Run: [d0r8RQfng] txfnds.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nesunex.mht!http://adextension.com/ext1/ysa.chm::/ysb_regular.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nesunem.mht!http://adextension.com/ext1/mma.chm::/joysaver.cab
O21 - SSODL: PgtvilTpB - {542375DE-FE89-DF74-AA16-6C1C73A7BDC1} - C:\WINDOWS\System32\rfgae.dll (file missing)
O23 - Service: shedtfpbgnm - Unknown owner - C:\WINDOWS\System32\pbgnm\shedtf.exe [/bold]

Close HijackThis.
Find and delete the following files and folders(if there) search if needed:
C:\WINDOWS\System32\[bold]dgrsrww.exe[/bold] <-file
C:\WINDOWS\[bold]SWOD.exe[/bold] <-file
C:\WINDOWS\System32\[bold]pbgnm[/bold] <-folder
C:\WINDOWS\System32\[bold]wptgovu[/bold] <folder
C:\WINDOWS\System32\[bold]pbgnm[/bold] <-folder
[bold]txfnds.exe[/bold] <-file
[bold]winsink.exe[/bold] <-file

Delete everything in this folder.
C:\Documents ans Settings\Smitty\Local Settings\Temp\[bold]lpmrgjq.exe[/bold]

Empty the Recycle Bin and restart in normal mode.
Open HijackThis.
Click "Open misc tools section".
Click "open Uninstall Manager".
Click "Save List".
Run a new scan and save a new log.

Post back with the Spybot log, the uninstall list and a the HijackThis log.

 

Been a couple days...how are things going?

 

Sorry, had a Family emergancy going on. Will update tomorrow.

 

Hi. Sorry that took so long. Grrrr.

"Go to Start > Run > type services.msc
Find shedtfpbgnm and double click it.
Click Stop.
Close services.msc"

I cannot do that. Something is preventing it from happening. It says there is no problem witth the service. I tried disabling it, it would switch back, tried failing it, nope..

 

Hey, good to hear from you again.

Just continue with the rest of the insturctions. We'll try again later. Might be a file or something stoping you from disabling it.

 

Ok, whew, here we go.
Spybot SandD in safe mode.

SexList: Settings (Registry value, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

SexList: Settings (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

CoolWWWSearch: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}

CoolWWWSearch.Aboutblank: IE Search page (Registry change, fixed)
HKEY_USERS.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Bar=about:blank

CoolWWWSearch.Aboutblank: IE Search page (Registry change, fixed)
HKEY_USERSS-1-5-18\Software\Microsoft\Internet Explorer\Main\Search Bar=about:blank

CoolWWWSearch.Aboutblank: IE Search page (Registry change, fixed)
HKEY_USERS.DEFAULT\Software\Microsoft\Internet Explorer\SearchUrl\=about:blank

CoolWWWSearch.Aboutblank: IE Search page (Registry change, fixed)
HKEY_USERSS-1-5-18\Software\Microsoft\Internet Explorer\SearchUrl\=about:blank

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Ab scissor.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Broadband comparison.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Credit counseling.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Credit report.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Crm software.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Debt credit card.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Escorts.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Fha.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Health insurance.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Help desk software.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Insurance home.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Loan for debt consolidation.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Loan for people with bad credit.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Marketing email.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Mortgage insurance.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Mortgage life insurance.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Nevada corporations.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Online Betting Site.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Online gambling casino.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Online instant loan.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Order phentermine.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Payroll advance.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Personal loans online.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Personal loans with bad credit.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Prescription Drugs Rx Online.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Refinancing my mortgage.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Tahoe vacation rental.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Unsecured bad credit loans.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\Videos.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\What is hydrocodone.url

CoolWWWSearch.Aff.Winshow: Program directory (Directory, fixed)
C:\Documents and Settings\Smitty\Favorites\Sites about\

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Only sex website.url

CoolWWWSearch.Aff.Winshow: Link (File, fixed)
C:\Documents and Settings\Smitty\Favorites\Seven days of free porn.url

Dr.PMon: Picture (File, fixed)
C:\WINDOWS\bestoffers.ico

ISearchTech.PowerScan: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\BandRest

MBKW-Bar: Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\MBKWBar

MBKW-Bar: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-18\Software\MBKWBar

RegistryOptimizer: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\AffiliateCreator

RegistryOptimizer: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-796845957-764733703-1060284298-1003\Software\RegistryOptimizer.com

Roings: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\IObjSafety.DemoCtl

Roings: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}

ABetterInternet: User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com\*!=W=4

ABetterInternet: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-796845957-764733703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com\*!=W=4

ABetterInternet: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com\*!=W=4

ABetterInternet: Data (File, fixed)
C:\WINDOWS\inf\farmmext.inf

ABetterInternet.Aurora: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}

ABetterInternet.Aurora: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}

ABetterInternet.Aurora: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\AuroraHandlerDll.AuroraHandlerDllObj

ABetterInternet.Aurora: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\AuroraHandlerDll.AuroraHandlerDllObj.1

ABetterInternet.Aurora: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{544B6A3F-4024-4403-9661-69B8410BE505}

ABetterInternet.Aurora: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{6D992911-B563-47FC-AB29-437F42D1C729}

DyFuCA: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\DyFuCA_BH.SinkObj.1

DyFuCA: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC}

DyFuCA: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\DyFuCA_BH.SinkObj

DyFuCA: Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}

DyFuCA: Settings (Registry value, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\BandRest

DyFuCA: Settings (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\BandRest

DyFuCA: Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}

DyFuCA: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\DyFuCA_BH.BHObj

DyFuCA: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\DyFuCA_BH.BHObj.1

DyFuCA: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}

EffectiveBandToolbar: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\TPUSN

ISearchTech.ISTactiveX: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}

ISearchTech.ISTbar: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}

ISearchTech.YSB: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}

ISearchTech.YSB: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}

ISearchTech.YSB: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}

ISearchTech.YSB: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar

ISearchTech.YSB: Code storage database (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}

ISearchTech.YSB: IE toolbar (Registry value, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}

ISearchTech.YSB: IE toolbar (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}

ISearchTech.YSB: Module usage (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll

ISearchTech.YSB: Shared DLL (1 apps) (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\ysbactivex.dll

ISearchTech.YSB: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\YSBactivex.Installer

ISearchTech.YSB: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}

Laypros: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\WinSock2\Layered Provider Sample

MediaMotor: Configuration file (File, fixed)
C:\WINDOWS\Downloaded Program Files\m67m.inf

MediaMotor: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{A9136CFD-FD01-41B8-9969-0B37720ED8AB}

MediaMotor: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{B2EEDA99-DA99-4D0D-9F7F-143C30521388}

MediaMotor: Code storage database (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}

MediaMotor: Link (File, fixed)
c:\Documents and Settings\All Users\Desktop\Screen Savers.url

MediaMotor: Executable (File, fixed)
C:\WINDOWS\hisistheurls.exe

MediaMotor: Program directory (Directory, fixed)
c:\program files\joystick networks\setup\

MediaMotor: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{466C63AC-F26E-49F1-861A-E07DA768A46A}

Mirar: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}

Mirar: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\NN_Bar_Dummy.NN_BarDummy

Mirar: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\NN_Bar_Dummy.NN_BarDummy.1

Mirar: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}

Mirar: Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}

Mirar: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}

Pacimedia: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Ddate

Smitfraud-C.: Shared DLL (1 apps) (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\website.ocx

SurfSideKick: Library (File, fixed)
C:\Documents and Settings\LocalService\Application Data\Sskuknwrd.dll

Zango: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}

Zango: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}

Zango: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}

Zango: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}

Zango: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.ClientInstaller

Zango: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.ClientInstaller.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
downloads1.kaspersky-labs.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
downloads2.kaspersky-labs.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
downloads3.kaspersky-labs.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
downloads4.kaspersky-labs.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
www.trendmicro.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
trendmicro.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
rads.mcafee.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
us.mcafee.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
www.nai.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
nai.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
secure.nai.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
dispatch.mcafee.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
download.mcafee.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
www.my-etrust.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
my-etrust.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
mast.mcafee.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
ca.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
www.ca.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
networkassociates.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
www.networkassociates.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
avp.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
www.kaspersky.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
www.avp.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
kaspersky.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
www.f-secure.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
f-secure.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
viruslist.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
www.viruslist.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
liveupdate.symantecliveupdate.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
mcafee.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
www.mcafee.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
sophos.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
www.sophos.com=127.0.0.1

180Solutions.SearchAssistant: Link (File, fixed)
C:\Documents and Settings\All Users\Start Menu\Programs\180search Assistant\180search Assistant.com.url

180Solutions.SearchAssistant: Link (File, fixed)
C:\Documents and Settings\All Users\Start Menu\Programs\180search Assistant\Uninstall 180search Assistant Instructions.lnk

180Solutions.SearchAssistant: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}

180Solutions.SearchAssistant: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.RequiredComponent

180Solutions.SearchAssistant: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.RequiredComponent.1

180Solutions.SearchAssistant: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}

180Solutions.SearchAssistant: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\ncmyb.SABHO

180Solutions.SearchAssistant: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\ncmyb.SABHO.1

180Solutions.SearchAssistant: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{7B178417-3CDA-444F-94FF-312C0A3A78A8}

180Solutions.SearchAssistant: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{68BF4626-D66B-4383-A6AF-62E57E9B6CD4}

180Solutions.SearchAssistant: Program group (Directory, fixed)
C:\Documents and Settings\All Users\Start Menu\Programs\180search Assistant\

180Solutions.MediaGatewayX: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\MediaGatewayX.Installer

180Solutions.MediaGatewayX: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}

Admilli Service: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}

Alexa Related: Link (Replace file, fixed)
C:\WINDOWS\Web\related.htm

DealHelper: Program group (Directory, fixed)
C:\WINDOWS\system32\DealHelper\

eXact Advertising.BargainsBuddy: Program group (Directory, fixed)
C:\Documents and Settings\LocalService\Start Menu\Programs\BullsEye Network\

eXact Advertising.BargainsBuddy: Executable (File, fixed)
C:\WINDOWS\system32\exclean.exe

eXact Advertising.BargainsBuddy: Data (File, fixed)
C:\WINDOWS\system32\psis80ex.ax

eXact Advertising.BargainsBuddy: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\ADP.UrlCatcher

eXact Advertising.BargainsBuddy: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\ADP.UrlCatcher.1

Huntbar: IE toolbar (Registry value, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{339BB23F-A864-48C0-A59F-29EA915965EC}

Huntbar: IE toolbar (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{339BB23F-A864-48C0-A59F-29EA915965EC}

Huntbar.Web Search: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{C380566D-F343-42AB-987B-6B38A1A35747}

IE Plugin: Data (File, fixed)
C:\WINDOWS\lu.dat

Topconverting: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader2Ctrl.1

UCmore: IE toolbar (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\Maxthon\Plugin\toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E}

UCmore: IE toolbar (Registry key, fixed)
HKEY_USERS\S-1-5-18\Software\Maxthon\Plugin\toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E}

UCmore: IE toolbar (Registry value, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{44BE0690-5429-47F0-85BB-3FFD8020233E}

UCmore: IE toolbar (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{44BE0690-5429-47F0-85BB-3FFD8020233E}

UCmore: Settings (Registry value, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E}

UCmore: Settings (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E}

Wind Updates: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\AdToolsX.Installer

Wind Updates: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}

Wind Updates: Code storage database (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}

Elitum.EliteBar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{205FF73A-CA67-11D5-99DD-444553540013}

Elitum.EliteBar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{205FF72E-CA67-11D5-99DD-444553540013}

Intexp.D: Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\dsrch

Intexp.D: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-18\Software\dsrch

Intexp.D: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{8F73AC0F-5769-4282-8762-B396A3BFF377}

Intexp.D: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\DSrch.Band

Intexp.D: Data (File, fixed)
C:\WINDOWS\kwv2.dat

Windows AdTools: Data (File, fixed)
C:\WINDOWS\system32\ide21201.vxd

Startpage-EH: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


CoolWWWSearch: Bookmark (Internet Explorer: Smitty) (Bookmark, nothing done)


Startpage-EH: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)


CoolWWWSearch: Bookmark (Mozilla: default) (Bookmark, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-10-23 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-10-20 Includes\Cookies.sbi (*)
2006-10-06 Includes\Dialer.sbi (*)
2006-10-20 Includes\DialerC.sbi (*)
2006-10-06 Includes\Hijackers.sbi (*)
2006-10-20 Includes\HijackersC.sbi (*)
2006-10-06 Includes\Keyloggers.sbi (*)
2006-10-20 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-06 Includes\Malware.sbi (*)
2006-10-20 Includes\MalwareC.sbi (*)
2006-10-06 Includes\PUPS.sbi (*)
2006-10-20 Includes\PUPSC.sbi (*)
2006-10-20 Includes\Revision.sbi (*)
2006-10-06 Includes\Security.sbi (*)
2006-10-20 Includes\SecurityC.sbi (*)
2006-10-06 Includes\Spybots.sbi (*)
2006-10-20 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-10-06 Includes\Trojans.sbi (*)
2006-10-20 Includes\TrojansC.sbi (*)

Uninstall in normal mode:

Adobe Acrobat Reader 3.01
Adobe Reader 7.0
AirStrike 2 (remove only)
Avance AC'97 Audio
AVG Anti-Spyware 7.5
BlackICE
CCleaner (remove only)
Civ3 Conquests v1.22 Full
Civ3 MultiTool
Civ3MultiTool
CivAssist 1.1.2
CivAssist II
CivAssist II
Civilization III
Civilization III Play the World
Civilization III v1.29f
Civilization III: Conquests
CleanUp!
Codec Pack - All In 1 6.0.2.3
Desktop Weather by The Weather Channel
GameSpy Arcade
Gold Miner Joe
HijackThis 1.99.1
InterVideo WinDVD
LiveUpdate 2.0 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.42 .1
Logitech User's Guide
Media Gateway
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Fighter Ace II
Microsoft Flight Simulator 2002
Microsoft Office 2000 Premium
Mig Alley 1.1
Mozilla Firefox (1.0)
MUSICMATCH Jukebox
Netscape (7.2)
Netscape Browser (remove only)
Popcorn Trial
QuickTime
RealArcade
Registry Cleaner (Trial)
Roller Coaster Tycoon
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Select CashBack
Select CashBack
SiS 650_651_M650_740
SiS 650_651_M650_M652_740
Smart Office Keyboard
SoulSeek Client 155
Spybot - Search & Destroy 1.4
SpySubtract
SpywareBlaster v3.2
Street Atlas USA 5.0
Summer Schoolgirls Demo
TContext
The Weather Channel
Weather Services
WeirdOnTheWeb
WinRAR archiver
WinZip
Yahoo! Address AutoComplete
Yahoo! Install Manager

Hijackthis in normal

Logfile of HijackThis v1.99.1
Scan saved at 8:09:01 PM, on 10/23/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Smitty\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Smitty\Application Data\Mozilla\Profiles\default\klxaqzms.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [inetcomm] C:\WINDOWS\System32\inetcomm.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

 

Great! Looking much better now, but still not free.

Go to Add/Remove Programs and uninstall the following:
[bold]Media Gateway
Select CashBack
TContext
WeirdOnTheWeb[/bold]
All those are either adware or related to adware.

Restart your computer.

You said you wanted to reformat, so you should be able to do that now. But if you would like to continue with the cleaning please let me know and we'll continue.

 

Well, I uninstalled those four, plus alot more that I didn't use anymore. But I still don't have my cd-roms. I guess clean some more? Please? Thanks so much for your patience. And I can tell a HUGH differene between now and before.