Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Spyware / Virus Removal » Help Please
Register Calendar Gallery Mark Forums Read

Spyware / Virus Removal Spyware, virus, browser hijack and other malware removal.

Reply
Page 1 of 3 1 23 >
 
Thread Tools Display Modes
  #1  
Old 08-30-2005, 09:01 PM
savedtheday89 savedtheday89 is offline
Member
  
Join Date: Oct 2004
Posts: 39
Send a message via AIM to savedtheday89 Send a message via MSN to savedtheday89
okay so that whole thing last time is still there and I've been working and had no time to do anything with it. I figured out a way to save the hjt log and get it so I can post it. Problem is that those backup files that should have been restored, but were deleted (in HJT) are not in my recycle bin. So please help me and for some reason I can't unzip that program you sent, in fact it has nowhere to unzip it. This computer is being to be more trouble than it's worth. I apologize for it's stupidity haha. Okay time for the HJT log.

Logfile of HijackThis v1.98.2
Scan saved at 8:53:50 PM, on 8/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\sksk4k.exe reg_run
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [yqvine] C:\WINDOWS\System32\ctbbws.exe r
O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123549660290
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll

Thank so much for everything.
__________________
--Kelly
Reply With Quote
Posted


  #2  
Old 08-30-2005, 09:19 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
Ok, you have some unidentifyuable files runnimg there so lets go this direction..


Download Ewido, install then from within the program check for updates BUT dont scan yet
ewido security suite: http://fileforum.betanews.com/detai...te/1098736486/1
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"),

Now run an ewido scan as well as save the logfile created by it and post it here.
Reply With Quote
  #3  
Old 08-31-2005, 11:09 AM
savedtheday89 savedtheday89 is offline
Member
  
Join Date: Oct 2004
Posts: 39
Send a message via AIM to savedtheday89 Send a message via MSN to savedtheday89
It took a while and I think it said I had 702 infected things. I left it overnight (I'm in safe mode still on that computer) so that's why I'm responding this morning.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:05:59 AM, 8/31/2005
+ Report-Checksum: D6DC7E69

+ Scan result:

HKLM\SOFTWARE\180solutions -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\180solutions\msbb -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Software Installer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Bookedspace -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Bookedspace\adware -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\dhbrwsr.EXE -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\eZulaBootExe.EXE -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\eZulaMain.EXE -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{418B46A9-5343-4E1A-A654-42B04E3F869E} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{8A044397-5DA2-11D4-B185-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{C0335198-6755-11D4-8A73-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.IncrediFindBHO -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.IncrediFindBHO\CLSID -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.IncrediFindBHO\CurVer -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{002EB272-2590-4693-B166-FBD5D9B6FEA6} -> Spyware.MultiMPP : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1A2883F2-FDC7-4AF2-B136-203ADB475DD7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} -> Spyware.TVMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} -> Spyware.**Toolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2CF0B992-5EEB-4143-99C0-5297EF71F444} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2} -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE} -> Spyware.TopText : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{54A41AE7-B358-4D41-98BD-BBBFFDF5186B} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F1ABCDB-A875-46c1-8345-B72A4567E486} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6DD8B352-21A7-4C24-AC49-E9B4730C1823} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8B477303-698C-4EED-B9F6-C715842FBE33} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8EE1AAF5-ED6B-4601-B333-CD30FFB8B39D} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{947E6D5A-4B9F-4CF4-91B3-562CA8D03313} -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A8BD9566-9895-4FA3-918D-A51D4CD15865} -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B8E910B5-7452-4A29-B121-08E8CF09EC07} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BFEF1779-0E92-45A1-BF5E-55991007F912} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D0070620-1E72-42E7-A14C-3A255AD31839} -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F00586DE-A432-4B9F-877D-E29CD87EFDD6} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\CSIE.CSIECore -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CSIE.CSIECore\CLSID -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CSIE.CSIECore\CurVer -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Dealhlpr.Band -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dealhlpr.Band\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dealhlpr.Band\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup\CLS ID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup\Cur Ver -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhbrwsr.BrowserWindows -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhbrwsr.BrowserWindows\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhbrwsr.BrowserWindows\CurVe r -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DHP.DHEvents -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DHP.DHEvents\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DHP.DHEvents\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.CFileDatabase -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.CFileDatabase\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.CFileDatabase\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.DBHelper -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.DBHelper\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.DBHelper\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.Even -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.Even\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.Even\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.WebDealEvents -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.WebDealEvents\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.WebDealEvents\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost\CLS ID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost\Cur Ver -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\eZulaAgent.IEObject -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\eZulaAgent.IEObject\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\eZulaAgent.IEObject\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\eZulaAgent.ToolBarBand -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\eZulaAgent.ToolBarBand\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl\CLS ID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl\Cur Ver -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode\CL SID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode\Cu rVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash\CL SID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash\Cu rVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch\ CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch\ CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay \CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay \CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper \CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper \CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper \CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper \CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe\CL SID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe\Cu rVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\F1.Organizer -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\F1.Organizer\CLSID -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\F1.Organizer\CurVer -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandler s\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\HP.Hopper -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\HP.Hopper\CLSID -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\HP.Hopper\CurVer -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVe r -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSI D -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurV er -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CurVe r -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{06E53101-654C-45EB-BFF6-E37E13B5972A} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0B16B278-B2E3-4CBF-85B5-E058878F728F} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95} -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1423903E-86CC-4470-8AB0-257C10D77D45} -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1CFB8B32-4053-4144-AF6F-1540EEC7F101} -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1DA40091-14B4-4C21-8170-A2CEEDE90B10} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2BB15D36-43BE-4743-A3A0-3308F4B1A610} -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3A951AF0-53F8-4803-A565-0E1DEE4B11F5} -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3AFAE37A-56A3-4850-B599-4DA9A9104B82} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3D89A731-9F4A-418F-A997-2D633C7C404C} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{41700749-A109-4254-AF13-BE54011E8783} -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4828C95F-C5DB-4AB6-A945-8D8EC44B98A8} -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4DEA7CA1-3372-4204-937C-2DD4A6ED6562} -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4E570F74-DEEE-4FCF-B960-FEEFA4B8C6FC} -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{81739076-56B7-42EC-A0AA-692794FDED1A} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D} -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A1558B18-F76C-40FE-B358-9E47449F3CFE} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A2872B10-39F2-42DF-9335-7DD38CF75255} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A2CDAFB4-EB9C-4EFC-BCFC-A7AA6745FF7E} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A42DC659-33B5-409E-A433-650AC42ECCA4} -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A8516F49-8046-4295-8EE9-C59D5041C9E2} -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AF286CEA-635D-40C5-A891-B40A0F520539} -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BD6F129A-08DB-4CC5-A75A-F2AB79E55B6E} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BF9EE3A0-1A02-4265-A65F-AC4D4447F6BF} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C2E6831B-822B-4A1F-9EF1-1D3EB7D3E985} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C9679631-7060-443F-BD37-88F9410ED8C3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DEBA1742-2BEC-4B78-A987-5837971193F7} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E318D698-27B3-44D5-8998-C35EAFB9C034} -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F3816084-9608-485A-B63B-CAD8F931577E} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FB82CCD5-174B-4379-BC37-72D9B5ADAEDA} -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res\WToolsB.ResProtocol -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\**ToolBar.TBInfo -> Spyware.**Toolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\**ToolBar.TBInfo\CLSID -> Spyware.**Toolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\**ToolBar.TBInfo\CurVer -> Spyware.**Toolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\Sep.Band -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\Sep.Band\CLSID -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\Sep.Band\CurVer -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\Sep.Search -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\Sep.Search\CLSID -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\Sep.Search\CurVer -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\SP.SmartPops -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\SP.SmartPops\CLSID -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\SP.SmartPops\CurVer -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Tchk.TChkBHO -> Spyware.Inetspeak : Cleaned with backup
HKLM\SOFTWARE\Classes\toolbar.IToolbarScriptClass -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\toolbar.IToolbarScriptClass\ Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{25AB1639-3F81-45A8-8318-2DAFBA8B8F3D} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{2A7DB8D1-43BE-4AD3-A81E-9BB8C9D00073} -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{2CF0B992-5EEB-4143-99C0-5297EF71F445} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{47350D97-09E9-4590-864E-3431DA53BF37} -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4B76F69E-247A-4617-ABA9-95774658AFC5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3} -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF} -> Spyware.eXact : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5E19A321-635E-4BA5-8828-A5B6427CC61D} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{60494593-5408-447D-BD5E-A16640D6AF99} -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464} -> Spyware.**Toolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{771262E0-8FEB-4E78-B292-B01C4071B9D1} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B82B9ECF-40AE-46F2-B98E-B87CF17F70D0} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{CDE442A3-DC2C-467E-A311-B4BC775D86C5} -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{DE289BFA-737B-4ABB-A4EC-F8753551B875} -> Spyware.SearchUpgrader : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{ECB25A48-E6E0-49AF-99AF-07C763E31389} -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{EF100007-F409-426A-9E7C-CB211F2A9786} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{FA777197-4BF7-4AA9-A088-A0D803198DE0} -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\VX2.VX2Obj -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\VX2.VX2Obj\CLSID -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\VX2.VX2Obj\CurVer -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.execute -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.execute\CLSID -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.execute\CurVer -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliate IEExtension -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliate IEExtension\CLSID -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliate IEExtension\CurVer -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbar BHO -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbar BHO\CLSID -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbar BHO\CurVer -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbar Name -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbar Name\CLSID -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbar Name\CurVer -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Cydoor -> Spyware.Cydoor : Cleaned with backup
HKLM\SOFTWARE\Dsi -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Envolo -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate\State -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate\Tasks -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Gator.com -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\AppInfo -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\CMEII -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\IncrediFind -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\IncrediFind\BHO -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\IncrediFind\BHO\HomePage -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\IncrediFind\BHO\RedirectURLS -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\MaxSpeed -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\MemoryWatcher -> Spyware.MemoryWatcher : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2CF0B992-5EEB-4143-99C0-5297EF71F444} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{002EB272-2590-4693-B166-FBD5D9B6FEA6} -> Spyware.MultiMPP : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\STO -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WindowsUpdate -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WindowsUpdate\Active -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WindowsUpdate\Installed -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\ClockSync -> Spyware.Clocksync : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\D-Helper Web Driver -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Dbi -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\DMO -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\DyFuCA Software Installer -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\eZula -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Internet Optimizer Active Alert -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Internet Optimizer Software Installer -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\ISTbarISTbar -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\MemoryWatcher -> Spyware.MemoryWatcher : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\midADdle -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\MirrorUnder -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\PGate -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\**ToolBar -> Spyware.**Toolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\salm -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\SEP -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\ShopAtHomeSelect Agent -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\SpiderSidebar -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\TimeSync -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\TTOOL_UNINSTALL -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\TV Media -> Spyware.BroadCastPC : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\UrlSidebar -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Virtual Bouncer -> Spyware.VirtualBouncer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\WinTools -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\midADdle -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Pcsv -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKLM\SOFTWARE\saie -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\salm -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\updater -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\updater\{8D15A72D-62E0-4733-B057-0A81B4FFEB3D} -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\VGroup\SAHAgent -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\WhenUSave -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\WhenUSave\Partners -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\WhenUSave\Partners\SYNC -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\WhenUSave\Partners\WHSE -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\WhenUSearch -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\WildMedia -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\WildMedia\LicenseStores -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\WinTools -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools\kydmzylki -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools\nlibjhin -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools\nlibx4m -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\{2CF0B992-5EEB-4143-99C0-5297EF71F444} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SYSTEM\ControlSet002\Services\WinToolsSvc -> Spyware.WebSearch : Cleaned with backup
HKLM\SYSTEM\ControlSet002\Services\WinToolsSvc\Sec urity -> Spyware.WebSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc -> Spyware.WebSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc \Security -> Spyware.WebSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc \Enum -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\180solutions -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\180solutions\msbb -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\180solutions\msbb\Placements -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\Cydoor -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\DealHelper -> Spyware.DealHelper : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\DownloadWare -> Spyware.Downloadware : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\DownloadWare\Prefs -> Spyware.Downloadware : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\eZula -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\eZula\Setup -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\eZula\Setup\ID -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\eZula\Setup\path -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\Hopper -> Spyware.NetworkEssentials : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\ISTbar -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\LocalNRD -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\MediaCharger -> Spyware.MediaCharger : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\MediaCharger\CelebWeb -> Spyware.MediaCharger : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\MediaCharger\Prefs -> Spyware.MediaCharger : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\MediaCharger\SwimSuitNetwork -> Spyware.MediaCharger : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\Pcsv -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\** Toolbar -> Spyware.**Toolbar : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\saie -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\salm -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\TimeSynchonization -> Spyware.DealHelper : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\TimeSynchonization\Time Synchronize -> Spyware.DealHelper : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\TimeSynchonization\Time Synchronize\Properties -> Spyware.DealHelper : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\Updater -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\VB and VBA Program Settings\VBouncer -> Spyware.VirtualBouncer : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\VB and VBA Program Settings\VBouncer\Settings -> Spyware.VirtualBouncer : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\WhenU -> Spyware.SaveNow : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\WhenU\ClockSync -> Spyware.SaveNow : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\WinTools -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\WinTools\URLSearchHooks -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-780265115-3101692776-3432068994-1005\Software\{2CF0B992-5EEB-4143-99C0-5297EF71F444} -> Spyware.BrowserAid : Cleaned with backup
[948] C:\WINDOWS\System32\lsp.dll -> Adware.SAHA : Cleaned with backup
[1124] C:\WINDOWS\System32\lsp.dll -> Adware.SAHA : Error during cleaning
[1316] C:\WINDOWS\System32\lsp.dll -> Adware.SAHA : Error during cleaning
[1752] C:\WINDOWS\System32\lsp.dll -> Adware.SAHA : Error during cleaning
[176] C:\WINDOWS\System32\lsp.dll -> Adware.SAHA : Error during cleaning
C:\!PeperFix\CckJd6.exe -> Backdoor.VB.nb : Cleaned with backup
C:\!PeperFix\Mjeyapi.exe -> Backdoor.VB.nb : Cleaned with backup
C:\!Submit\saie.exe -> Spyware.180Solutions : Cleaned with backup
C:\!Submit\TvmBho.dll -> Spyware.TotalVelocity : Cleaned with backup
C:\!Submit\TvmCore.dll -> Spyware.TotalVelocity : Cleaned with backup
C:\!Submit\zkhizef.exe -> Spyware.180Solutions : Cleaned with backup
C:\ClrSchP072.exe -> Backdoor.Ruledor.b : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@adtrak[2].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@cityclub.gamingpromo[2].txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@ehg-stevemadden.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@gamingpromo[1].txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@hg1.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@spylog[2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@valueclick[3].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@www.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\User\Desktop\Folders\backups\backup-20041017-093509-881.dll -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\i40.tmp -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\pcs_0002.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\ptf_0002.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\res55.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\tm38845.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\BIGB35W5\195_150_ni[1].abc -> TrojanDownloader.Agent.am : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\HOWR5H0T\trk_0002[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YGVJIFYT\kw[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\User\My Documents\hijack this\backups\backup-20040703-125539-510.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\User\My Documents\hijack this\backups\backup-20040703-125539-649.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\ezStub.exe -> Adware.eZula : Cleaned with backup
C:\may17_loader.exe -> TrojanDownloader.Apropo.e : Cleaned with backup
C:\Overpro323.exe -> TrojanDownloader.Agent.ac : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Cas\Client\casclient.exe -> Spyware.CASClient : Cleaned with backup
C:\Program Files\CasStub\casstub.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\Program Files\ClockSync\Sync.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Common Files\updater\delupdat.exe -> TrojanDownloader.Keenal : Cleaned with backup
C:\Program Files\Common Files\updater\sui.exe -> TrojanDownloader.Keenal : Cleaned with backup
C:\Program Files\Common Files\updater\wupdater.exe -> TrojanDownloader.Keenval : Cleaned with backup
C:\Program Files\DealHelper.com Inc\D-Helper Web Driver\_Setupx.dll -> Spyware.DealHelper : Cleaned with backup
C:\Program Files\DownloadWare\Downloads\43.dat/NE.exe -> Spyware.SmartPops : Cleaned with backup
C:\Program Files\DownloadWare\dw.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\eZula -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.dst -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.kwd -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.pu -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.pu.dyn -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\CHCON.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\eabh.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\genun.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images -> Adware.eZula : Cleaned with backup<br /
__________________
--Kelly
Reply With Quote
  #4  
Old 08-31-2005, 12:37 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
Ok Kelly, that looks promising. Now let me see a fresh hijack log please.
Reply With Quote
  #5  
Old 08-31-2005, 01:22 PM
savedtheday89 savedtheday89 is offline
Member
  
Join Date: Oct 2004
Posts: 39
Send a message via AIM to savedtheday89 Send a message via MSN to savedtheday89
Logfile of HijackThis v1.98.2
Scan saved at 1:19:42 PM, on 8/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\sksk4k.exe reg_run
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [yqvine] C:\WINDOWS\System32\ctbbws.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123549660290
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll

I still can't get on the internet on that computer.
__________________
--Kelly
Reply With Quote
  #6  
Old 08-31-2005, 02:32 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
You will need to use the latest release of hijack first.

http://www.downloads.subratam.org/hijackthis.zip


Ill be out for several hours but will check back upon my return..
Reply With Quote
  #