Help!! Can't get rid of Viruses

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

shar6121

Thread Starter
Joined
Jan 9, 2006
Messages
24
:confused:
OMG! I have Internet Security through my cable service (Cox). I have scanned my computer daily and keep getting these 2 viruses that won't delete. I have tried to delete them through file searching and even manually, in safe mode. The info that I have regarding these viruses is:

winik.sys seems to be in C:/WindowsSysW32/Trojan.ATA
and
MRoHFhOa.exe in C:/ProgramfilesW32/Common NameA

This is the info that I was able to retrieve after the scan.
Can anyone help me get rid of these viruses.
Thanks :)
Shar
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Welcome to TSG :)

Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

shar6121

Thread Starter
Joined
Jan 9, 2006
Messages
24
Thanks for the welcome :)
Okay here is the info from the Hijack This scan:

Logfile of HijackThis v1.99.1
Scan saved at 10:35:52 PM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Browser Mouse\2.03\mouse32a.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Common Files\AOL\1124818364\ee\AOLHostManager.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Common Files\AOL\1124818364\ee\AOLServiceHost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50023
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aesoponline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50023
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\auserinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.aesoponline.com/"); (C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CheckIt 86 Extension Class - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [FLMMEMOREX203] C:\Program Files\Browser Mouse\2.03\mouse32a.exe
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RIFHVgUw] C:\PROGRA~1\wvruooxr\a0hFHoRM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124818364\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125947397046
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Uninstall the following from Add/Remove Programs:

MyWebSearch
Viewpoint Manager
WeatherBug


Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

shar6121

Thread Starter
Joined
Jan 9, 2006
Messages
24
Hi I have to post the results in 2 entries...I ws told they were too long ;)

Here is the results from the new Hijack This scan:

Logfile of HijackThis v1.99.1
Scan saved at 9:38:59 AM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Cox\Applications\app\Prism.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Browser Mouse\2.03\mouse32a.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\AOL\1124818364\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124818364\ee\AOLServiceHost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50023
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aesoponline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50023
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\auserinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.aesoponline.com/"); (C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CheckIt 86 Extension Class - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [FLMMEMOREX203] C:\Program Files\Browser Mouse\2.03\mouse32a.exe
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RIFHVgUw] C:\PROGRA~1\wvruooxr\a0hFHoRM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124818364\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125947397046
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 

shar6121

Thread Starter
Joined
Jan 9, 2006
Messages
24
Okay I';m having some trouble posting the Ewido scan results. Apparently I am long winded and was told that it's too long :) Any suggestions as to how I can shorten it. I could always split it and send it in 2 postings ;0. Ya know I think I'll try that. Hopefully you can decifer it :).
 

shar6121

Thread Starter
Joined
Jan 9, 2006
Messages
24
1st half

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:08:21 AM, 1/10/2006
+ Report-Checksum: E717A4AF

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB} -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4D6CED50-D6AE-40DA-B87F-235593FC1F28} -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{209B1CEA-8B2E-4596-9B35-A4A7DB611EB2} -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D80C4E21-C346-4E21-8E64-20746AA20AEB} -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NavExcel Search Toolbar -> Spyware.NavExcel : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\WinIK -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
 

shar6121

Thread Starter
Joined
Jan 9, 2006
Messages
24
2nd half:

HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000000DA-0786-4633-87C6-1AA7A4429EF1} -> Spyware.FavoriteMan : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{947E6D5A-4B9F-4CF4-91B3-562CA8D03313} -> Spyware.ClearSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -> Spyware.NavExcel : Cleaned with backup
HKU\S-1-5-21-3479383672-3924064129-568730901-500\Software\CommonName -> Spyware.CommonName : Cleaned with backup
HKU\S-1-5-21-3479383672-3924064129-568730901-500\Software\CommonName\AgentIE -> Spyware.CommonName : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000000DA-0786-4633-87C6-1AA7A4429EF1} -> Spyware.FavoriteMan : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{947E6D5A-4B9F-4CF4-91B3-562CA8D03313} -> Spyware.ClearSearch : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -> Spyware.NavExcel : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2E.tmp\dman25.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2E.tmp\dmanu4.cab/dman4.dll -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2E.tmp\dmanu4.cab/dman4.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2E.tmp\dmanu4.cab/BDEInstallProgress4.dll -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2E.tmp\dmfiles.cab/AltnetUninstall.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2E.tmp\dmfiles.cab/asmend.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2E.tmp\pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2F.tmp\NavHelper\v2.0.4b\v2.0.4b.cab/NHUpdater.exe -> Spyware.NavExcel : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq5A.tmp\bar\1.bin\NPMYSRCH.DLL -> Spyware.MyWay : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\ssh08jpr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected]-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\IDWFAP41\visit[3].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\IDWFAP41\visit[5].htm -> Spyware.BookedSpace : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Don\Application Data\Mozilla\Profiles\default\ou9ewkmu.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Don\Application Data\Netscape\NSB\Profiles\ygbh3hau.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Don\Application Data\Netscape\NSB\Profiles\ygbh3hau.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.Counted : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.180solutions : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.180solutions : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Don\Local Settings\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\Don\Local Settings\Temp\MSView.cab/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
C:\Documents and Settings\Don\Local Settings\Temp\MSView.cab/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
 

shar6121

Thread Starter
Joined
Jan 9, 2006
Messages
24
My math must be off as it will take three postings;
here's the third:

:mozilla.6:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Sharon\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Sharon\Local Settings\Temp\eanthmngr_update.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Documents and Settings\Sharon\Local Settings\Temp\Sentry.cab/Sentry.exe -> Downloader.Stubby.b : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\admfdi.dll.dat/documents and settings/all users/application data/authentium/curtains150/quarantine/quarantine/ppq2e.tmp/admfdi.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\admprog.dll.dat/documents and settings/all users/application data/authentium/curtains150/quarantine/quarantine/ppq2e.tmp/admprog.dll -> Adware.Altnet : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\wtvh.dll.dat/windows/wt/wtupdates/wtwebdriver/files/3.3.1.001/wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\wtvh.dll.dat/windows/wt/wtupdates/webd/4.1.1/files/wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\wtvh.dll.dat/windows/wt/wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL -> Spyware.MyWay : Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Cleaned with backup
C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll -> Adware.NavExcel : Cleaned with backup
C:\Program Files\Netscape\Netscape\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\SpyHunter\Backup\bbchk.exe.bak -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\SpyHunter\Backup\bdedownloader.dll.bak -> Spyware.Altnet : Cleaned with backup
C:\Program Files\SpyHunter\Backup\bdefdi.dll.bak -> Spyware.Altnet : Cleaned with backup
C:\Program Files\SpyHunter\Backup\CMEIIAPI.dll.bak -> Adware.Gator : Cleaned with backup
C:\Program Files\SpyHunter\Backup\CMESys.exe.bak -> Adware.Gator : Cleaned with backup
C:\Program Files\SpyHunter\Backup\cnbabe.dll.bak -> Spyware.CommonName : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.X10 : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Popupsponsor : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\SpyHunter\Backup\GatorStubSetup.exe.bak -> Adware.Gator : Cleaned with backup
C:\Program Files\SpyHunter\Backup\GUninstaller.exe.bak -> Adware.Gator : Cleaned with backup
C:\Program Files\SpyHunter\Backup\MY2NS.EXE.bak -> Spyware.MyWay : Cleaned with backup
C:\Program Files\SpyHunter\Backup\NPMYWAY.DLL.bak -> Spyware.MyWay : Cleaned with backup
C:\Program Files\SpyHunter\Backup\S42NS.EXE.bak -> Spyware.MyWay : Cleaned with backup
C:\Program Files\SpyHunter\Backup\S4BAR.DLL.bak -> Spyware.MyWay : Cleaned with backup
C:\Program Files\SpyHunter\Backup\seng.dll.bak -> Adware.eZula : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.X10 : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\svuuwv\ikw.exe -> Spyware.CommonName.j : Cleaned with backup
C:\Program Files\svuuwv\rsrwrv.dll -> Spyware.CommonName : Cleaned with backup
C:\Program Files\svuuwv\rsrwrv.exe -> Spyware.CommonName : Cleaned with backup
C:\Program Files\wvruooxr\a0hFHoRM.dll -> Spyware.CommonName : Error during cleaning
C:\Program Files\wvruooxr\cnml.exe -> Spyware.CommonName : Error during cleaning
C:\Program Files\wvruooxr\MRoHFh0a.exe -> Spyware.CommonName : Error during cleaning
C:\RECYCLER\S-1-5-21-3479383672-3924064129-568730901-1007\Dc2.exe -> Spyware.CommonName : Cleaned with backup
C:\RECYCLER\S-1-5-21-3479383672-3924064129-568730901-1007\Dc3.dll -> Adware.eZula : Cleaned with backup
C:\RECYCLER\S-1-5-21-3479383672-3924064129-568730901-1007\Dc5.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP800\A0141956.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP800\A0141964.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP800\A0142002.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP800\A0142007.dll -> Adware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP800\A0142008.dll -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP819\A0143391.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP819\A0143392.dll -> Spyware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP819\A0143393.exe -> Adware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP819\A0143394.exe -> Spyware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP823\A0143708.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP823\A0143709.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\nxstinst.exe -> Spyware.NavExcel : Cleaned with backup
C:\WINDOWS\remover.dll -> Spyware.NavExcel : Cleaned with backup
C:\WINDOWS\SYSTEM32\Agent.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SYSTEM32\ctbv2.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SYSTEM32\DRIVERS\winik.sys -> Trojan.Rootkit.Agent.q : Error during cleaning
C:\WINDOWS\SYSTEM32\ezStubi1.dll -> Adware.EZula : Cleaned with backup
C:\WINDOWS\SYSTEM32\ezStubx.exe -> Adware.EZula : Cleaned with backup
C:\WINDOWS\SYSTEM32\Freeze.exe -> Adware.EZula : Cleaned with backup
C:\WINDOWS\SYSTEM32\NLNP!3.exe -> Spyware.IGetNet : Cleaned with backup
C:\WINDOWS\SYSTEM32\NLNP13.dll -> Spyware.IGetNet : Cleaned with backup
C:\WINDOWS\SYSTEM32\SHAgent.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SYSTEM32\SHAgentNew.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll -> Spyware.WildTangent : Cleaned with backup


::Report End
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Download KillBox here: http://www.downloads.subratam.org/KillBox.exe
Save it to your desktop.
DO NOT run it yet.

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50023

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50023

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O4 - HKLM\..\Run: [RIFHVgUw] C:\PROGRA~1\wvruooxr\a0hFHoRM.exe

O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minib...ginstaller.cab


Boot into Safe Mode.

* Double-click on Killbox.exe to run it.

Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

C:\PROGRAM FILES\wvruooxr

Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.
Next in Killbox go to Tools > Delete Temp Files
In the window that pops up, put a check by ALL the options there except these three:
XP Prefetch
Recent
History
Now click the Delete Selected Temp Files button.
Exit the Killbox.

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log.
 

shar6121

Thread Starter
Joined
Jan 9, 2006
Messages
24

So sorry it is taking me so long to respone :eek: . I do appreciate your help and patience. I have done all of the above and here are the results of the new Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 8:59:20 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Browser Mouse\2.03\mouse32a.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\AOL\1124818364\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124818364\ee\AOLServiceHost.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\auserinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.aesoponline.com/"); (C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CheckIt 86 Extension Class - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [FLMMEMOREX203] C:\Program Files\Browser Mouse\2.03\mouse32a.exe
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RIFHVgUw] C:\PROGRA~1\wvruooxr\a0hFHoRM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124818364\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125947397046
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Just wanted to say Thanks again :)
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
:)

Please fix this entry again with Hijack This:

O4 - HKLM\..\Run: [RIFHVgUw] C:\PROGRA~1\wvruooxr\a0hFHoRM.exe


Reboot, post a new log.
 

shar6121

Thread Starter
Joined
Jan 9, 2006
Messages
24
Egads!!!! I deleted the pesky thing and rebooted, rescanned and it looks like it is still there. Anywho here's the new log :):
Logfile of HijackThis v1.99.1
Scan saved at 7:59:37 AM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Browser Mouse\2.03\mouse32a.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Common Files\AOL\1124818364\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124818364\ee\AOLServiceHost.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\auserinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.aesoponline.com/"); (C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\tg0ve23j.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CheckIt 86 Extension Class - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [FLMMEMOREX203] C:\Program Files\Browser Mouse\2.03\mouse32a.exe
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RIFHVgUw] C:\PROGRA~1\wvruooxr\a0hFHoRM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124818364\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125947397046
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Download WinPFind: http://www.bleepingcomputer.com/files/winpfind.php
Right Click the Zip Folder and Select "Extract All"
Extract it somewhere you will remember like the Desktop
Dont do anything with it yet.

Download Track qoo: http://geekstogo.com/downloads/Trackqoo.zip
Save it somewhere you will remember like the Desktop

Reboot into Safe Mode.
Restart your computer and as soon as it starts booting up again continuously tap F8.
A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe
Click "Start Scan"
It will scan the entire System, so please be patient.
Once the Scan is Complete
Go to the WinPFind folder
Locate WinPFind.txt
Place those results in the next post.

Reboot back to Normal Mode.

Double Click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, its harmless.

Wait a few seconds and a notepad page will pop up.
Copy & Paste those results and paste them in your next post along with the results of WinPFind.
 

shar6121

Thread Starter
Joined
Jan 9, 2006
Messages
24
Hiya here's the log from WinPFind:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 7/27/2004 9:25:24 AM 9123964 C:\WINDOWS\LPT$VPN.945
PECompact2 7/27/2004 9:25:24 AM 9123964 C:\WINDOWS\VPTNFILE.945
UPX! 7/27/2004 9:25:24 AM 1036800 C:\WINDOWS\vsapi32.dll
aspack 7/27/2004 9:25:24 AM 1036800 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 8/18/2001 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 7/12/2005 5:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 1/4/2006 10:41:02 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 10:41:02 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/18/2001 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
UPX! 9/21/2003 8:43:34 AM 226304 C:\WINDOWS\SYSTEM32\Xcite.dll

Checking %System%\Drivers folder and sub-folders...
aspack 6/22/2005 5:07:50 PM R 768712 C:\WINDOWS\SYSTEM32\drivers\css-dvp.sys
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/12/2006 4:15:48 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
12/8/2005 3:48:18 PM H 54156 C:\WINDOWS\QTFont.qfn
6/8/2010 4:55:30 PM HS 1537 C:\WINDOWS\page files\maxmeg.sys
11/30/2005 11:17:10 PM S 21633 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 7:12:48 PM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 6:09:36 PM S 11223 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/12/2006 4:15:36 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
1/12/2006 4:16:12 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
1/12/2006 4:15:50 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
1/12/2006 4:16:20 PM H 69632 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
1/12/2006 4:16:00 PM H 1024000 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
1/11/2006 7:08:02 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
11/16/2005 7:29:40 AM S 688 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
1/9/2006 10:54:02 PM S 23963 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
11/16/2005 7:29:40 AM S 94 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
1/9/2006 10:54:02 PM S 124 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
12/23/2005 3:13:52 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\6622dab8-72d0-4ec3-a93c-f7dc5837de7b
12/23/2005 3:13:52 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
11/16/2005 11:17:20 AM H 40611 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dlbfma.GID
1/12/2006 4:14:42 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
5/24/2002 11:45:48 AM 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/3/2005 2:52:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 6/6/2002 8:14:00 AM 45175 C:\WINDOWS\SYSTEM32\plugincpl140_01.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 12/12/2001 10:05:14 AM 287232 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\DLLCACHE\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\DLLCACHE\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\DLLCACHE\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\DLLCACHE\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\DLLCACHE\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\DLLCACHE\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl
Microsoft Corporation 8/18/2001 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\DLLCACHE\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\DLLCACHE\mmsys.cpl
Microsoft Corporation 8/18/2001 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\DLLCACHE\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\DLLCACHE\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\DLLCACHE\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\DLLCACHE\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155648 C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl
Microsoft Corporation 8/18/2001 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\DLLCACHE\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\DLLCACHE\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
11/14/2005 8:51:12 AM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
11/6/2003 2:11:48 PM 741 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CheckIt 86.lnk
11/15/2001 7:31:16 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
7/24/2002 1:42:56 AM 493 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
12/9/2004 9:03:12 PM 1401 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
8/9/2003 11:38:26 AM 1609 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
12/12/2005 2:04:48 PM 875 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/15/2001 7:23:32 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
11/4/2004 8:10:02 PM 6 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt

Checking files in %USERPROFILE%\Startup folder...
11/15/2001 7:31:16 AM HS 84 C:\Documents and Settings\Sharon\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
11/15/2001 7:23:32 AM HS 62 C:\Documents and Settings\Sharon\Application Data\DESKTOP.INI
9/7/2003 10:36:18 AM 0 C:\Documents and Settings\Sharon\Application Data\dm.ini
6/24/2005 3:40:54 PM 99896 C:\Documents and Settings\Sharon\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82DF1118-9B92-45d8-B78F-1737A69A06E1}
CheckIt 86 Extension Class = C:\Program Files\CheckIt\86\CheckIt86.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4D90779-6CB2-4752-83C2-A2AB4D9A672D}
AuthBHO.cBHO = C:\Program Files\Cox\Applications\app\AuthBHO.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
= C:\Program Files\Microsoft Money\System\mnyviewer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} = AOL Toolbar : C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{64634180-B0EA-48B6-82B7-9620D33362C1} = Cox Popup Blocker : C:\Program Files\Cox\Applications\app\AuthBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2887F316-8C6C-47ae-A462-D2C9739D2C3D}
MenuText = CheckIt &86 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}
ButtonText = AOL Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{014DA6C9-189F-421A-88CD-07CFE51CFF10} = :
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{5AA06644-BC46-4220-A460-47A6EB47C96D} = :
{DE9C389F-3316-41A7-809B-AA305ED9D922} = AOL Toolbar : C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
BCMSMMSG BCMSMMSG.exe
Dell|Alert C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
REGSHAVE C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
FLMMEMOREX203 C:\Program Files\Browser Mouse\2.03\mouse32a.exe
SpyHunter
mm_server C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
Dell AIO Printer A960 "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
RIFHVgUw C:\PROGRA~1\wvruooxr\a0hFHoRM.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
UserFaultCheck %systemroot%\system32\dumprep 0 -u
HostManager C:\Program Files\Common Files\AOL\1124818364\ee\AOLHostManager.exe
Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PhotoShow Deluxe Media Manager C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key ¼t'hWµÚ—«Èjc‰û*
Hint dogs name
FileName0 C:\WINDOWS\System32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
v 4
s 4
n 4
l 4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
NumSys 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun ‘
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
disableregistrytools 0
disabletaskmgr 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\auserinit.exe
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/12/2006 4:26:19 PM
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top