I dont know much about computers but i use spybot which deletes most of the stuff but not all of it. I downloaded hijackthis and did a scan...i dont understand any of it but thats why im posting here :)
heres the hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 7:40:08 PM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\iphy32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\dkpect.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hi1f1a00.exe
C:\WINDOWS\system32\vidctrl\vidctrl.exe
C:\Program Files\WinFixer 2005\WFX5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mapleglobal.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {FEB6E8AA-FE92-E2C2-E455-A3DF3DEA94CC} - C:\WINDOWS\system32\winja32.dll
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [addbz.exe] C:\WINDOWS\system32\addbz.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [crhb32.exe] C:\WINDOWS\system32\crhb32.exe
O4 - HKLM\..\Run: [ntuc.exe] C:\WINDOWS\system32\ntuc.exe
O4 - HKLM\..\Run: [mfcue.exe] C:\WINDOWS\system32\mfcue.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [crhi32.exe] C:\WINDOWS\system32\crhi32.exe
O4 - HKLM\..\Run: [hi1f1a00] C:\WINDOWS\system32\hi1f1a00.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [iphy32.exe] C:\WINDOWS\iphy32.exe
O4 - HKLM\..\Run: [coqpvl] c:\windows\system32\dkpect.exe r
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\RunOnce: [d3ky32.exe] C:\WINDOWS\d3ky32.exe
O4 - HKLM\..\RunOnce: [d3uh32.exe] C:\WINDOWS\system32\d3uh32.exe
O4 - HKLM\..\RunOnce: [apirc.exe] C:\WINDOWS\apirc.exe
O4 - HKLM\..\RunOnce: [sysgf.exe] C:\WINDOWS\sysgf.exe
O4 - HKLM\..\RunOnce: [atlvl32.exe] C:\WINDOWS\system32\atlvl32.exe
O4 - HKLM\..\RunOnce: [apied32.exe] C:\WINDOWS\apied32.exe
O4 - HKLM\..\RunOnce: [apiub32.exe] C:\WINDOWS\system32\apiub32.exe
O4 - HKLM\..\RunOnce: [applw.exe] C:\WINDOWS\applw.exe
O4 - HKLM\..\RunOnce: [ipvm32.exe] C:\WINDOWS\system32\ipvm32.exe
O4 - HKLM\..\RunOnce: [sysjr.exe] C:\WINDOWS\system32\sysjr.exe
O4 - HKLM\..\RunOnce: [sdkkd.exe] C:\WINDOWS\sdkkd.exe
O4 - HKLM\..\RunOnce: [sdklh32.exe] C:\WINDOWS\system32\sdklh32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\klrypdws.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...lim/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb13.pog...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: systemp - {739F2428-3C7D-4D15-98E0-D80F54875310} - systemp.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
can someone help me please?
im having trouble getting rid of spyware
Started by
phi36westbrook
, Jul 24 2005 11:45 PM
35 replies to this topic
#2
Mosaic1
-
- Member
-
- 4,576 posts
Most Respected SuperExpert
Posted 25 July 2005 - 01:51 AM
Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.
You can follow this link if you need help: http://russelltexas....re/teatimer.htm
I want to get a better picture of the state of your system.
Please download silentrunners.zip
http://www.silentrun...ent Runners.zip
Unzip to your desktop and double click on the VBS file.
If your get a message about a malicious script, please allow the script to run. It is a diagnostic tool.
The script will save a Notepad document to your Desktop.
Copy and paste the contents of that text file into your next reply.
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.
You can follow this link if you need help: http://russelltexas....re/teatimer.htm
I want to get a better picture of the state of your system.
Please download silentrunners.zip
http://www.silentrun...ent Runners.zip
Unzip to your desktop and double click on the VBS file.
If your get a message about a malicious script, please allow the script to run. It is a diagnostic tool.
The script will save a Notepad document to your Desktop.
Copy and paste the contents of that text file into your next reply.
#3
phi36westbrook
-
- Member
-
- 32 posts
Active Member
Posted 25 July 2005 - 02:33 AM
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"UIUCU" = "C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S" [file not found]
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"addbz.exe" = "C:\WINDOWS\system32\addbz.exe" [null data]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"]
"crhb32.exe" = "C:\WINDOWS\system32\crhb32.exe" [null data]
"ntuc.exe" = "C:\WINDOWS\system32\ntuc.exe" [null data]
"mfcue.exe" = "C:\WINDOWS\system32\mfcue.exe" [null data]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"crhi32.exe" = "C:\WINDOWS\system32\crhi32.exe" [null data]
"hi1f1a00" = "C:\WINDOWS\system32\hi1f1a00.exe" [empty string]
"vidctrl" = "C:\WINDOWS\system32\vidctrl\vidctrl.exe" [null data]
"iphy32.exe" = "C:\WINDOWS\iphy32.exe" [null data]
"WinFixer 2005" = "C:\Program Files\WinFixer 2005\wfx5.exe" ["WinSoftware"]
"d3st.exe" = "C:\WINDOWS\system32\d3st.exe" [null data]
"kntipso" = "c:\windows\system32\yytpdtd.exe r" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"d3ky32.exe" = "C:\WINDOWS\d3ky32.exe" [null data]
"d3uh32.exe" = "C:\WINDOWS\system32\d3uh32.exe" [null data]
"sysgf.exe" = "C:\WINDOWS\sysgf.exe" [null data]
"atlvl32.exe" = "C:\WINDOWS\system32\atlvl32.exe" [null data]
"apied32.exe" = "C:\WINDOWS\apied32.exe" [null data]
"applw.exe" = "C:\WINDOWS\applw.exe" [null data]
"ipvm32.exe" = "C:\WINDOWS\system32\ipvm32.exe" [null data]
"sysjr.exe" = "C:\WINDOWS\system32\sysjr.exe" [null data]
"netxh.exe" = "C:\WINDOWS\netxh.exe" [null data]
"appur32.exe" = "C:\WINDOWS\system32\appur32.exe" [null data]
"crao32.exe" = "C:\WINDOWS\crao32.exe" [null data]
"netix.exe" = "C:\WINDOWS\netix.exe" [null data]
"netlo.exe" = "C:\WINDOWS\system32\netlo.exe" [null data]
"appwf32.exe" = "C:\WINDOWS\appwf32.exe" [null data]
"ntzr32.exe" = "C:\WINDOWS\system32\ntzr32.exe" [null data]
"netjx.exe" = "C:\WINDOWS\system32\netjx.exe" [null data]
"appro.exe" = "C:\WINDOWS\system32\appro.exe" [null data]
"netzs.exe" = "C:\WINDOWS\netzs.exe" [null data]
"appkj.exe" = "C:\WINDOWS\system32\appkj.exe" [null data]
"appny.exe" = "C:\WINDOWS\appny.exe" [null data]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{A007FBE6-EAD0-F0EF-4EF1-05953774572C}\(Default) = "Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ipnv32.dll" [null data]
{FEB6E8AA-FE92-E2C2-E455-A3DF3DEA94CC}\(Default) = "Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\winja32.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"UIUCU" = "C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S" [file not found]
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"addbz.exe" = "C:\WINDOWS\system32\addbz.exe" [null data]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"]
"crhb32.exe" = "C:\WINDOWS\system32\crhb32.exe" [null data]
"ntuc.exe" = "C:\WINDOWS\system32\ntuc.exe" [null data]
"mfcue.exe" = "C:\WINDOWS\system32\mfcue.exe" [null data]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"crhi32.exe" = "C:\WINDOWS\system32\crhi32.exe" [null data]
"hi1f1a00" = "C:\WINDOWS\system32\hi1f1a00.exe" [empty string]
"vidctrl" = "C:\WINDOWS\system32\vidctrl\vidctrl.exe" [null data]
"iphy32.exe" = "C:\WINDOWS\iphy32.exe" [null data]
"WinFixer 2005" = "C:\Program Files\WinFixer 2005\wfx5.exe" ["WinSoftware"]
"d3st.exe" = "C:\WINDOWS\system32\d3st.exe" [null data]
"kntipso" = "c:\windows\system32\yytpdtd.exe r" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"d3ky32.exe" = "C:\WINDOWS\d3ky32.exe" [null data]
"d3uh32.exe" = "C:\WINDOWS\system32\d3uh32.exe" [null data]
"sysgf.exe" = "C:\WINDOWS\sysgf.exe" [null data]
"atlvl32.exe" = "C:\WINDOWS\system32\atlvl32.exe" [null data]
"apied32.exe" = "C:\WINDOWS\apied32.exe" [null data]
"applw.exe" = "C:\WINDOWS\applw.exe" [null data]
"ipvm32.exe" = "C:\WINDOWS\system32\ipvm32.exe" [null data]
"sysjr.exe" = "C:\WINDOWS\system32\sysjr.exe" [null data]
"netxh.exe" = "C:\WINDOWS\netxh.exe" [null data]
"appur32.exe" = "C:\WINDOWS\system32\appur32.exe" [null data]
"crao32.exe" = "C:\WINDOWS\crao32.exe" [null data]
"netix.exe" = "C:\WINDOWS\netix.exe" [null data]
"netlo.exe" = "C:\WINDOWS\system32\netlo.exe" [null data]
"appwf32.exe" = "C:\WINDOWS\appwf32.exe" [null data]
"ntzr32.exe" = "C:\WINDOWS\system32\ntzr32.exe" [null data]
"netjx.exe" = "C:\WINDOWS\system32\netjx.exe" [null data]
"appro.exe" = "C:\WINDOWS\system32\appro.exe" [null data]
"netzs.exe" = "C:\WINDOWS\netzs.exe" [null data]
"appkj.exe" = "C:\WINDOWS\system32\appkj.exe" [null data]
"appny.exe" = "C:\WINDOWS\appny.exe" [null data]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{A007FBE6-EAD0-F0EF-4EF1-05953774572C}\(Default) = "Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ipnv32.dll" [null data]
{FEB6E8AA-FE92-E2C2-E455-A3DF3DEA94CC}\(Default) = "Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\winja32.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
#4
Mosaic1
-
- Member
-
- 4,576 posts
Most Respected SuperExpert
Posted 25 July 2005 - 04:10 AM
You'll need some tools. Do these downloads first please.
--------
Download CWShredder from this page:
http://www.intermute...r_download.html
Don't run it yet.
--------
Download AboutBuster created by Rubber Ducky.
http://www.downloads...AboutBuster.zip
Unzip AboutBuster to the Desktop then click the "Update Button" then click "Check for Update" and download the updates and then click "Exit". We don't want you to run it yet. Only get the updates so it is ready to run later in safe mode.
-----------------------------------------
Download the latest version of Ad-Aware
Be sure to update your Ad-Aware.
--------
Download CWShredder from this page:
http://www.intermute...r_download.html
Don't run it yet.
--------
Download AboutBuster created by Rubber Ducky.
http://www.downloads...AboutBuster.zip
Unzip AboutBuster to the Desktop then click the "Update Button" then click "Check for Update" and download the updates and then click "Exit". We don't want you to run it yet. Only get the updates so it is ready to run later in safe mode.
-----------------------------------------
Download the latest version of Ad-Aware
Be sure to update your Ad-Aware.
#5
Mosaic1
-
- Member
-
- 4,576 posts
Most Respected SuperExpert
Posted 25 July 2005 - 04:48 AM
Download Pocket Killbox version 2.0.0.175
http://www.atribune....ads/KillBox.exe
Save it on the desktop. We'll use it later.
Copy the contents of the code box to notepad.
Name the file as out.reg
Save as Type: All files
Save on the desktop.
We'll use it later.
--------------
You will be restarting into Safe mode later. Here's help if you need it.
To use the F8 key to start Windows XP in Safe mode
Restart the computer.
Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
Using the arrow keys on the keyboard, select Safe mode and then press Enter.
------
Because XP will not always show you hidden files and folders by default.
Reset your search settings first.
Open Folder Options>view and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files
Next go to Search and look down to More advanced options and click onthe chevron next to it.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
--------
Restart into Safe mode.
Go to Start>Run and type Hijackthis. Press enter to start HijackThis. DO NOT OPEN ANYTHING ELSE!
Select these items and press the fix checked button:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mapleglobal.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Class - {FEB6E8AA-FE92-E2C2-E455-A3DF3DEA94CC} - C:\WINDOWS\system32\winja32.dll
O4 - HKLM\..\Run: [addbz.exe] C:\WINDOWS\system32\addbz.exe
O4 - HKLM\..\Run: [crhb32.exe] C:\WINDOWS\system32\crhb32.exe
O4 - HKLM\..\Run: [ntuc.exe] C:\WINDOWS\system32\ntuc.exe
O4 - HKLM\..\Run: [mfcue.exe] C:\WINDOWS\system32\mfcue.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [crhi32.exe] C:\WINDOWS\system32\crhi32.exe
O4 - HKLM\..\Run: [hi1f1a00] C:\WINDOWS\system32\hi1f1a00.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [iphy32.exe] C:\WINDOWS\iphy32.exe
O4 - HKLM\..\Run: [coqpvl] c:\windows\system32\dkpect.exe r
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\klrypdws.exe
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...lim/install.cab
O21 - SSODL: systemp - {739F2428-3C7D-4D15-98E0-D80F54875310} - systemp.dll (file missing)
Double click on out.reg and say yes to the prompt.
Run Killbox.exe by double clicking on it.
Select Delete on Reboot.
Copy this entire list of files to the clipboard.
C:\WINDOWS\system32\addbz.exe
C:\WINDOWS\system32\crhb32.exe
C:\WINDOWS\system32\ntuc.exe
C:\WINDOWS\system32\mfcue.exe
C:\WINDOWS\system32\crhi32.exe
C:\WINDOWS\system32\hi1f1a00.exe
C:\WINDOWS\system32\vidctrl\vidctrl.exe
C:\WINDOWS\iphy32.exe
C:\WINDOWS\system32\d3st.exe
c:\windows\system32\yytpdtd.exe
C:\WINDOWS\d3ky32.exe
C:\WINDOWS\system32\d3uh32.exe
C:\WINDOWS\sysgf.exe
C:\WINDOWS\system32\atlvl32.exe
C:\WINDOWS\apied32.exe
C:\WINDOWS\applw.exe
C:\WINDOWS\system32\ipvm32.exe
C:\WINDOWS\system32\sysjr.exe
C:\WINDOWS\netxh.exe
C:\WINDOWS\system32\appur32.exe
C:\WINDOWS\crao32.exe
C:\WINDOWS\netix.exe
C:\WINDOWS\system32\netlo.exe
C:\WINDOWS\appwf32.exe
C:\WINDOWS\system32\ntzr32.exe
C:\WINDOWS\system32\netjx.exe
C:\WINDOWS\system32\appro.exe
C:\WINDOWS\netzs.exe
C:\WINDOWS\system32\appkj.exe
C:\WINDOWS\appny.exe
C:\WINDOWS\iphy32.exe
c:\windows\system32\dkpect.exe
(Highlight the list. Press CTRL + C)
In the Killbox,
Go to the toolbar to File> Paste from clipboard. Click Paste from Clipboard.
All of the files you pasted in might not show up on the list in Killbox. That's normal. Some may not be present and so will not be listed. Go ahead to the next step.
Click the red icon with the white X at the upper right.
You will be prompted to restart. Say no and exit.
***Restart back into Safe Mode.
-------------
Run About:Buster
Double click on the AboutBuster. Follow the instruction prompts to use the program and let do two scans (it will ask). When finished, press the *Save log* button.
-----------
Run CWShredder and press the fix button to clean.
-----------
Restart back into Safe mode and run Ad-Aware.
-----------
Empty your Temporary Internet Files and history in Internet Options.
It's a good idea to do that regularly.
Go to Internet Options>Programs
Click the reset Web Settings Button to reset your home and search pages.
----------
Restart into Regular Windows.
----------
Go to this link and run the free AV scan to clean up the residual files:
http://housecall.tre.../start_corp.asp
-------------
If you were using a Hosts File it was deleted.
Download the Hoster from the link below. Click Restore Original Hosts. Click OK.
http://www.funkytoad...load/hoster.zip
--------
control.exe may have been deleted. If you go to start >Run and type control.exe and press enter, control panel should open. If it doesn't you need a new copy of control.exe
Follow instructions here to replace it: http://www.spywarein...es.html#control
----
Check System32 to be sure you have a file named Shell.dll
If you do not have one, go to System32\dllcache
Find shell.dll and right click on it. Choose Copy from the menu.
Open System32 and right click on an empty space in the window. Choose Paste from the menu.
------
Go here and follow the directions to reset your ActiveX
http://www.computerc.../postt7736.html
--------------
Finally, go to Start >run and paste in this command. Press enter:
Run hijackthis again and post your new log here.
Post the About:Buster log.
We'll take care of your other major infection after this one has been fixed.
http://www.atribune....ads/KillBox.exe
Save it on the desktop. We'll use it later.
Copy the contents of the code box to notepad.
Name the file as out.reg
Save as Type: All files
Save on the desktop.
We'll use it later.
CODE
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
--------------
You will be restarting into Safe mode later. Here's help if you need it.
To use the F8 key to start Windows XP in Safe mode
Restart the computer.
Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
Using the arrow keys on the keyboard, select Safe mode and then press Enter.
------
Because XP will not always show you hidden files and folders by default.
Reset your search settings first.
Open Folder Options>view and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files
Next go to Search and look down to More advanced options and click onthe chevron next to it.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
--------
Restart into Safe mode.
Go to Start>Run and type Hijackthis. Press enter to start HijackThis. DO NOT OPEN ANYTHING ELSE!
Select these items and press the fix checked button:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zqqqf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mapleglobal.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Class - {FEB6E8AA-FE92-E2C2-E455-A3DF3DEA94CC} - C:\WINDOWS\system32\winja32.dll
O4 - HKLM\..\Run: [addbz.exe] C:\WINDOWS\system32\addbz.exe
O4 - HKLM\..\Run: [crhb32.exe] C:\WINDOWS\system32\crhb32.exe
O4 - HKLM\..\Run: [ntuc.exe] C:\WINDOWS\system32\ntuc.exe
O4 - HKLM\..\Run: [mfcue.exe] C:\WINDOWS\system32\mfcue.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [crhi32.exe] C:\WINDOWS\system32\crhi32.exe
O4 - HKLM\..\Run: [hi1f1a00] C:\WINDOWS\system32\hi1f1a00.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [iphy32.exe] C:\WINDOWS\iphy32.exe
O4 - HKLM\..\Run: [coqpvl] c:\windows\system32\dkpect.exe r
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\klrypdws.exe
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...lim/install.cab
O21 - SSODL: systemp - {739F2428-3C7D-4D15-98E0-D80F54875310} - systemp.dll (file missing)
Double click on out.reg and say yes to the prompt.
Run Killbox.exe by double clicking on it.
Select Delete on Reboot.
Copy this entire list of files to the clipboard.
C:\WINDOWS\system32\addbz.exe
C:\WINDOWS\system32\crhb32.exe
C:\WINDOWS\system32\ntuc.exe
C:\WINDOWS\system32\mfcue.exe
C:\WINDOWS\system32\crhi32.exe
C:\WINDOWS\system32\hi1f1a00.exe
C:\WINDOWS\system32\vidctrl\vidctrl.exe
C:\WINDOWS\iphy32.exe
C:\WINDOWS\system32\d3st.exe
c:\windows\system32\yytpdtd.exe
C:\WINDOWS\d3ky32.exe
C:\WINDOWS\system32\d3uh32.exe
C:\WINDOWS\sysgf.exe
C:\WINDOWS\system32\atlvl32.exe
C:\WINDOWS\apied32.exe
C:\WINDOWS\applw.exe
C:\WINDOWS\system32\ipvm32.exe
C:\WINDOWS\system32\sysjr.exe
C:\WINDOWS\netxh.exe
C:\WINDOWS\system32\appur32.exe
C:\WINDOWS\crao32.exe
C:\WINDOWS\netix.exe
C:\WINDOWS\system32\netlo.exe
C:\WINDOWS\appwf32.exe
C:\WINDOWS\system32\ntzr32.exe
C:\WINDOWS\system32\netjx.exe
C:\WINDOWS\system32\appro.exe
C:\WINDOWS\netzs.exe
C:\WINDOWS\system32\appkj.exe
C:\WINDOWS\appny.exe
C:\WINDOWS\iphy32.exe
c:\windows\system32\dkpect.exe
(Highlight the list. Press CTRL + C)
In the Killbox,
Go to the toolbar to File> Paste from clipboard. Click Paste from Clipboard.
All of the files you pasted in might not show up on the list in Killbox. That's normal. Some may not be present and so will not be listed. Go ahead to the next step.
Click the red icon with the white X at the upper right.
You will be prompted to restart. Say no and exit.
***Restart back into Safe Mode.
-------------
Run About:Buster
Double click on the AboutBuster. Follow the instruction prompts to use the program and let do two scans (it will ask). When finished, press the *Save log* button.
-----------
Run CWShredder and press the fix button to clean.
-----------
Restart back into Safe mode and run Ad-Aware.
-----------
Empty your Temporary Internet Files and history in Internet Options.
It's a good idea to do that regularly.
Go to Internet Options>Programs
Click the reset Web Settings Button to reset your home and search pages.
----------
Restart into Regular Windows.
----------
Go to this link and run the free AV scan to clean up the residual files:
http://housecall.tre.../start_corp.asp
-------------
If you were using a Hosts File it was deleted.
Download the Hoster from the link below. Click Restore Original Hosts. Click OK.
http://www.funkytoad...load/hoster.zip
--------
control.exe may have been deleted. If you go to start >Run and type control.exe and press enter, control panel should open. If it doesn't you need a new copy of control.exe
Follow instructions here to replace it: http://www.spywarein...es.html#control
----
Check System32 to be sure you have a file named Shell.dll
If you do not have one, go to System32\dllcache
Find shell.dll and right click on it. Choose Copy from the menu.
Open System32 and right click on an empty space in the window. Choose Paste from the menu.
------
Go here and follow the directions to reset your ActiveX
http://www.computerc.../postt7736.html
--------------
Finally, go to Start >run and paste in this command. Press enter:
CODE
regsvr32 "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
Run hijackthis again and post your new log here.
Post the About:Buster log.
We'll take care of your other major infection after this one has been fixed.
#7
Mosaic1
-
- Member
-
- 4,576 posts
Most Respected SuperExpert
Posted 25 July 2005 - 06:11 PM
Hi,
Is that the entire About:Buster log? I think it may have been too long and was cut off. Please post the rest of it.
Mo
Is that the entire About:Buster log? I think it may have been too long and was cut off. Please post the rest of it.
Mo
#8
Mosaic1
-
- Member
-
- 4,576 posts
Most Respected SuperExpert
Posted 25 July 2005 - 06:25 PM
Alos before we begin go to this link
http://virusscan.jotti.org/
Paste this into the box and click Submit.
C:\WINDOWS\dinst.exe
It will scan the file and give you a result when it finishes.
Please copy and pase the result here.
Other than that I am ready to advise.
http://virusscan.jotti.org/
Paste this into the box and click Submit.
C:\WINDOWS\dinst.exe
It will scan the file and give you a result when it finishes.
Please copy and pase the result here.
Other than that I am ready to advise.
#9
Mosaic1
-
- Member
-
- 4,576 posts
Most Respected SuperExpert
Posted 25 July 2005 - 07:11 PM
Don't post all the stream information then I see what you mean!. Skip down past that part. And then follow these directions so we can get on with the removal.
Go to this link
http://virusscan.jotti.org/
Paste this into the box and click Submit.
C:\WINDOWS\dinst.exe
It will scan the file and give you a result when it finishes.
Please copy and pase the result here.
Other than that I am ready to advise.
Go to this link
http://virusscan.jotti.org/
Paste this into the box and click Submit.
C:\WINDOWS\dinst.exe
It will scan the file and give you a result when it finishes.
Please copy and pase the result here.
Other than that I am ready to advise.
#10
Mosaic1
-
- Member
-
- 4,576 posts
Most Respected SuperExpert
Posted 25 July 2005 - 07:22 PM
Please stop posting and go back to the last page. Read my instructions. I cannot stay much longer and you need to get on with the removal. Skip th erest of the about buster log.
#11
phi36westbrook
-
- Member
-
- 32 posts
Active Member
Posted 25 July 2005 - 07:23 PM
ok thats it....hopefully u got all that.....
#12
phi36westbrook
-
- Member
-
- 32 posts
Active Member
Posted 25 July 2005 - 07:30 PM
ok sry i didnt see that message....
but heres the results of that scan
File: dinst.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 a7cd14f70fe54faea5e2a6b030dcaa3a
Packers detected: -
Scanner results
AntiVir Found TR/Dldr.Intexp.B
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Trojan-Downloader.Win32.OneClickNetSearch.1 (probable variant)
but heres the results of that scan
File: dinst.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 a7cd14f70fe54faea5e2a6b030dcaa3a
Packers detected: -
Scanner results
AntiVir Found TR/Dldr.Intexp.B
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Trojan-Downloader.Win32.OneClickNetSearch.1 (probable variant)
#13
Mosaic1
-
- Member
-
- 4,576 posts
Most Respected SuperExpert
Posted 25 July 2005 - 07:40 PM
That was the longest About:Buster log I have ever seen. I have deleted all those posts because they made this topic unreadable. Sorry about that. They were just incredibly long and added nothing really useful. You sure had a lot of streams!
Here we go. Removal instructions!
Please download, install, and update the free version of Ewido trojan scanner:
http://www.ewido.net/en/download/
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Exit Ewido. DO NOT scan yet.
Download CCleaner and install, but do not run it yet.
http://www.ccleaner.com/ccdownload.asp
Please download this installer for the Nailfix utility revised
http://www.noidea.us...050711214630636
DO NOT run it yet.
Alternate download link here: Nailfix.zip
http://www.spywareai...22&softtype=zip
------------------
You will be restarting into Safe mode later. Here's help if you need it.
To use the F8 key to start Windows XP in Safe mode
Restart the computer.
Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
Using the arrow keys on the keyboard, select Safe mode and then press Enter.
------
Because XP will not always show you hidden files and folders by default.
Reset your search settings first.
Open Folder Options>view and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files
Next go to Search and look down to More advanced options and click onthe chevron next to it.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
--------
Reboot to Safe Mode
Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
Next, run Ewido again.
Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Then run HijackThis, click Scan, and place a checkmark by the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [random] c:\windows\system32\random.exe r
Close all open windows except for HijackThis and click Fix Checked Note that the 04 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always in in a single letter r.
Locate and delete the following File in BOLD:
c:\windows\system32\random.exe (or whatever the name may have changed to, as noted above).
Delete C:\windows\dinst.exe
Now, run CCleaner.
Uncheck "Cookies" under "Internet Explorer".
If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
Here we go. Removal instructions!
Please download, install, and update the free version of Ewido trojan scanner:
http://www.ewido.net/en/download/
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Exit Ewido. DO NOT scan yet.
Download CCleaner and install, but do not run it yet.
http://www.ccleaner.com/ccdownload.asp
Please download this installer for the Nailfix utility revised
http://www.noidea.us...050711214630636
DO NOT run it yet.
Alternate download link here: Nailfix.zip
http://www.spywareai...22&softtype=zip
------------------
You will be restarting into Safe mode later. Here's help if you need it.
To use the F8 key to start Windows XP in Safe mode
Restart the computer.
Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
Using the arrow keys on the keyboard, select Safe mode and then press Enter.
------
Because XP will not always show you hidden files and folders by default.
Reset your search settings first.
Open Folder Options>view and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files
Next go to Search and look down to More advanced options and click onthe chevron next to it.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
--------
Reboot to Safe Mode
Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
Next, run Ewido again.
Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Then run HijackThis, click Scan, and place a checkmark by the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [random] c:\windows\system32\random.exe r
Close all open windows except for HijackThis and click Fix Checked Note that the 04 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always in in a single letter r.
Locate and delete the following File in BOLD:
c:\windows\system32\random.exe (or whatever the name may have changed to, as noted above).
Delete C:\windows\dinst.exe
Now, run CCleaner.
Uncheck "Cookies" under "Internet Explorer".
If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
#14
phi36westbrook
-
- Member
-
- 32 posts
Active Member
Posted 26 July 2005 - 01:25 AM
ok heres the hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:15:18 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\system32\dakboxe.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [qvohup] c:\windows\system32\dakboxe.exe r
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb13.pog...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Desktop\cwshredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
the ewido log is very long like the other one, so i will post all that will fit on this post and if you want any more of it, just let me know! I ignored all the infections so I dont mess anything up, but there were over 2000 infections
o and thanks for hangin with me..... :)
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:09:43 PM, 7/25/2005
+ Report-Checksum: D493AF09
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{031788DE-6282-F9CD-262A-AA22CDA2B068} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0374CA48-A799-5108-7C38-BAC7CF481D17} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{04256906-BECE-83AC-2058-27ABA38B11A3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{04D2569C-ED83-79FB-0E43-F43DFA258774} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{04EDA6A5-3C09-E146-8F75-5684DDB4E2A7} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0713F0EF-F47D-A3DA-A0F3-C2ED763086A3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{07D80144-9372-FEAC-AEDD-21AE8732F067} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{07F0CAA0-8206-9DCC-5402-D4CC24EC1764} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{08A3BAAE-CEB8-766F-9585-A831A8E94068} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0ADEF183-C204-6BFB-2DA8-5C12061DE911} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0B4F9B2C-F81D-7C42-AE33-07F0FCB846EC} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0B936818-A83D-004A-625A-757B4D758CC6} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0E37D9E0-99E3-DA14-3197-60132338963E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0FBFA147-FFB4-19A8-49F8-D1A17B80E32D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0FCD3397-0498-446E-A6F7-E41F7343F3C0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{109FCEAD-8C5C-5B76-3BB3-A646D2B52C93} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{10D837D7-D6EA-8BCE-37FB-E58A2E09397B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{12094FCA-1EE9-6EE5-5B4B-4B1EDA5F575C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{12130DCB-3DF4-96EC-27B9-61E0D766F680} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1228458E-6B19-48F4-5449-A00AEE93F0FC} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{13898BD6-0873-1991-8C89-C965424CDB1C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1486290A-90C1-388F-ADC8-6BFAA6B057E8} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{151272FB-2CD4-E387-93B1-F52B2911D0EE} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1674BCBE-46DE-7BAB-FBFA-CA15D9FEB632} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1B2B1933-92B1-481C-EB27-35E36BF72B5B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1B9CEE94-E0D7-13CF-2DA8-CA3C766EAAD0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1BD83F34-5674-FA0D-E5B2-7D7655F0D46F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1C1F1B09-C5DE-0C47-B128-B83F5668EB83} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1D232F9D-941D-5CD9-732F-8F6EC1977CF2} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1DE20533-9118-BF9A-A6C6-F8E881A5FD4B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1EA0CE66-D6D5-2CEB-D734-97906011F9A8} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1F46E851-7EAF-1A9B-E6B4-CCA46BD7BB86} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1FE935FF-DB66-AC76-99D8-18EC1F0F013C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{21F8F0E0-D881-0FBC-CD1D-D1F30C3905B4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{24E10FF7-10AA-6198-95AE-258D49D9ABCA} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{25742C0F-DC0D-F5DC-55DE-C66285AA22AB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{25ADEB1C-223C-2A7D-D3AD-712F742ABDB1} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{29CDA41A-A8EB-6A68-BBF5-2877418D55C7} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2A6A2EFF-2FC6-683C-5911-BB1AC07E5964} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2A80D71D-33B8-3E91-8293-2130B34265A4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B284248-D0FE-C340-0D87-ABD55DD24BFA} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B5A2313-AE67-454E-9A8B-F74070E57F1B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2BFAB072-A3F3-0A97-6990-3673392B7DFC} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2CB60D9D-BA37-058C-7EA3-A52155F01235} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2D99FD34-F395-DFB0-0852-36D4976F6E3D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2D9BB7B5-D27A-5907-A874-72E04FC719E8} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2FA09459-FBD9-B08C-81EF-6EA62F5DB101} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{30C5202D-2CDD-8C6D-6CD3-86CBAC73988B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{30E36B0A-CA1D-18E7-7FD2-9BA91D4D1710} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{32FB9A97-C47A-795A-3B47-9A97C1448DFC} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{346C69D8-47DA-8D25-2793-091F27AD1739} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{347CE5A5-6599-8A80-9D8E-06843CFEDD27} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{3507B32F-B4F9-0B6B-5168-A74196010FA0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{36A41F9E-B433-C078-89AE-486D2624C972} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{38EA95B6-06DF-844E-6763-813A152D6F74} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{3C2E0AC2-347B-07FF-761D-31083C460F98} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{3F15B481-32E2-FE85-96FA-A8976289B4FD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{430B869B-EB6E-CBD3-5E4D-6D279372AA20} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{43F226F3-3EDD-1F6E-B1F9-426F80DAB07E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{452C15DF-936D-C8CB-B825-97DD4A210ABD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4822A81B-A35C-81CA-4B1E-595C44DF3F5E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{499E19B2-6F56-DFF8-CF23-EB7565388036} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4A210C09-C3AE-D36C-3EC5-0D7723985463} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4A7E0ADF-C8A2-08D3-D46C-91318C2CD9A4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4AEDA6FC-6816-F03C-12F8-CDE056451F16} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4B3176F0-E32F-B010-C0D8-65FC118C3716} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4C1CBC17-3C15-343F-1E7C-D8F447935C05} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4E11A0FD-72A3-AEF3-D4E4-E168F75A238E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4F8E9FA5-37E2-683E-E18D-19AC6697532D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4FBFBE36-BC17-CAB4-CA0B-1F18DD30B292} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4FCD2C21-6232-FD0F-36AA-4EFFC9284B2A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4FFB405E-2D99-7374-B6D3-F0CD9DC8744E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{529D86BB-85DC-FC40-1699-BECC09038E95} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{53B83EBA-809F-C983-5C07-4CB6E85D8F3A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5735BB6F-7A93-49E1-B628-ABB60DAA5F0B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{57CEBAAD-4565-C660-5FAF-624E13DBE3B7} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{597DD6BD-9B68-6317-F535-F180E2D3AAB6} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5AF0B5AF-80E5-5F00-7457-4FF9847707D9} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5BCC3EE7-9153-E89F-6D4E-9B02B02B4E2E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5C2B2D9C-60FC-5F4C-5894-68EB7DFA3935} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5E60DAD4-D59A-D1EA-A0B3-BD226EE43523} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5F32646E-6D3E-257C-2369-EFD1A3A012F8} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5F4B11A7-C0A8-0B95-8741-481C8B0029E3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5F574346-A206-D78A-7149-4C709D5204A4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5FFA6789-7ABE-BCB3-18BC-3EB6BE2C1706} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6327D790-4626-130D-8171-E0E6AB10B53B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{64AB146B-0C39-DEC3-5AED-E2DA773C655F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{67A0E5DD-D21D-3F1C-2FD5-07C50B27B4BD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{68005AEB-2632-F033-B29F-EA21C446CA22} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{69A88C5E-04E5-741D-6CA2-9CB5374EB263} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6A493714-8012-621E-A09E-CD80FF52FB1F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6C652E08-1C50-09D2-7DC8-0714DB258C39} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6C69E2F6-F200-55DF-18C6-3C368029FD3E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6D793FE9-8675-897B-589B-5BCAB9D3CFEF} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6EDB124C-8B12-ABA8-CA16-CEBAC7061ADE} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{71476230-0B89-E69D-D223-279F989C21BB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{714C2287-DB2D-3514-4785-8EC21BA5C5F1} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{735DDAC7-F8F1-47DD-D87A-6AF0100B6A48} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{73A0FEF4-C4EC-89F0-F3BC-FE7F59AD1DBA} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{742CF04D-EE46-1423-E899-B91C547ABC20} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{76321C6A-B800-93A4-24BB-B1F318D2A8E0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{763FC5CF-92D8-A8BE-597E-1C53C8D18D56} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{76518006-D7C5-4C71-68F4-DA79559FA482} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{765369C1-D4E0-D6A4-69B4-6261D4E1319A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7658C68E-7ED4-8476-AC96-729091012307} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{77845652-D4FE-D2AD-12FA-F27B477D9B31} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{786A41BB-009D-DD27-EA3E-15DCD01EC75C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{78CA5367-0660-D7DE-5424-C4AD26542538} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7904D3DD-22E5-C0C1-0648-E66A3897E380} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{792E2C95-AEBD-D9B8-E958-AD1BB5A3D9BA} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7A66D0FF-9707-2E41-A80D-7DE113BDAC8B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7B28CC5E-5425-8989-13A1-2929DDA8CC5F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7C36455F-C2B4-5BC0-575A-253825413F0C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7C5CF0D8-6AA4-2FDF-1323-0AC6A9822AA3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7D1F318F-6264-F55E-366B-93087AE94B29} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7DFA112F-21B6-72CE-A5DE-09FEAF22C151} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7E2B347A-52AA-597F-9371-80822A8D1263} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8007F30A-ADD5-7E61-D29C-8F166BC8A3DD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{817972EC-CAD1-C47C-A430-508B1E97DE0D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{818D123D-B7CF-1169-DD32-2310AD262479} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{81AE8953-3335-A1BB-5174-F82625372B4E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{821F62C3-1009-929C-3E89-5D066057B36D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{826D0369-102B-4A44-F27B-D9DCC50A8EE6} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8324D4AA-9FD0-5334-D040-C3B82F9A8957} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8327E127-2658-4B06-86B0-8D575DE1575B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{83CBE2FB-4038-4351-9B1C-E69BF75962AA} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{841CB982-C366-4290-3F00-95A1A5F3C340} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{85E6B001-B482-61AE-78C6-6EAE60D74D00} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{85F1C7FC-7359-D6D5-C42B-F3E410DB4CAD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{877DBFE0-6233-B1C4-8252-A4475BCF6DD2} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8A0FEDBB-3762-AEB7-E85E-6BCC16F76759} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8A50C2FE-C00E-0C19-DC1A-BCABABE155C3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8DF52E69-BA52-5F6E-2A2A-0CD81E0F3492} -> Spyware.BetterInternet : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8E183E4D-1A0C-3195-3741-BBEABE2CBCD0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8E883EC3-ABB5-0CD9-EC0A-78CB81A818D1} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{913EAD11-DA6B-5C8F-D264-E3D4FC8BA5DD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{92854EC1-0623-4E3A-3993-F60435FEDF74} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{931A8005-8460-7AEC-010F-C5E04983BE41} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{94411682-B9FC-FEB4-9621-5E2E45736A51} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{97DCBB56-FF7B-D770-38B4-EAF169E5C483} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{98832348-0E38-D102-51A5-517934760119} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{99B1E639-DCA2-2C21-013F-DEF4B5729CA9} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9A7083BD-566F-B299-344C-47ABCAB6F765} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9C060FC3-F4CE-894D-8EB7-FA3935CE5AA1} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9CC4194D-70AD-AC3B-8852-00B56740427F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9E1E5C74-8A47-A3B8-9D79-4318AF0FE18F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9E960055-CBAB-522C-F6D0-3C06FAA39285} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9EDC0D8F-954E-A638-C240-D52042910A62} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9F1D249D-1545-56CD-0C52-0C2EE115ABB1} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9FF47B90-35D9-6F6F-3BC1-027BAA23833E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A0B249A8-05AF-32B0-992B-DB1CAFDEB3E4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A167704A-0F01-8543-16A8-ECF3EBA5DC01} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A1BC7CDD-070B-7E5C-FEAD-F4789795AD1A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A52FA47B-BA50-C6CB-6B02-1F30CC46D589} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A5910E94-A676-201D-0838-F81C7746194D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A5B3B4A7-6BD2-E7CE-E654-7A1D658D1BB3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A66A7703-9E5D-D32F-B86A-2B0EE436B436} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A678B034-1492-1AC1-FF9B-636BC85F5643} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A6A537E1-A69B-6C58-00AC-B6C4E8539037} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A6BF9B01-2B57-89D9-AD1F-AF854374C992} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A6BFC374-18DF-B761-3902-53957EFA4847} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A72CAEB7-7E44-7941-564B-A741D28B01DB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A7737E2C-9C15-D4BE-4A5B-C15B7E8C41E9} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A8703447-9782-72D3-AA41-606A7E155CE5} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A9629E20-9B59-1F5F-58AE-E699D9122E1F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{AB537FC9-E3D4-FBBF-80FD-2CDE0ABCC38B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{AB6F81AC-6C76-BCBF-C021-1BA9321DF5F0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{AF197E67-53B8-6C01-4733-3E7C25BA3A3B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B26E0DA6-7964-2B58-9B4B-94CBAA3AFF83} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B279D474-B064-DCC7-5638-6B0E0A96537C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B33C5B98-F4B9-B550-C81A-4EE9720874BF} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B38F516E-48F2-CDBB-7D76-E0CFBCDBEE45} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B4D50626-AAF0-64AC-F1D5-8A697DD0E515} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B4F697AE-7E58-DC0D-D012-24F83EAB9F25} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B5423394-16FB-1F60-5AF9-6CAF30B35009} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B595A235-53A2-27D5-EFF6-D0208801D071} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B6233EB3-872F-7898-F4A8-3F6A3BAA6D57} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B6E89CAB-169D-C0D8-F8D0-4EB58B02ABAB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B7F4D50B-EAC3-A3F3-769F-96194A8DECDE} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B91259B9-BE3B-D475-8861-62B879410E5E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BA5E5B3E-BB1D-2938-3E93-1C81F766E7AB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BC0DC8BD-646D-FA46-8739-116B4F8B8228} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BC0FE7F5-AD1D-A795-C683-F3EB54072EFE} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BCA18F7D-4CAB-D300-286E-432722FFB0FB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BCB07B6E-BEFE-ADD4-7CEB-728FF235B841} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BCE50D6B-B3E6-30B9-72AB-14B60D86EB35} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BE5DCDBC-54D3-95EA-B258-2D53BD817431} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C151BF9B-FE85-EC38-A53B-AE4D2044C94E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C21C6790-58A0-81BD-58F6-11EF55D9BADF} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C2FE095E-5BA7-FBC8-5387-2878C932A44F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C3CBD491-14A8-F1D3-52CC-F2038BD5FDDE} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C42CF26E-2B02-05DE-7D7B-A16C5C2095BB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C432F8C9-5E41-F564-674E-C21B8257061B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C54510FE-72AA-27FF-1198-0CC47906F451} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C74DF792-DD4B-4B33-4D25-BB3E8A211BB3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C881C594-6F3E-F3F1-EA4B-72C7CEA3E7DB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C927A651-6768-ED9E-C3ED-CBD9A6CF4B22} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C9368290-DE0B-80FF-0E2D-8933F6CA1A46} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{CC6A9DFF-521F-7DD3-E624-B30C0B9FF83A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{CC6B2B65-2D60-CC2D-B4A6-7C0945964771} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{CD283BB0-5FEA-F204-BC88-8C3CA240315D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{CDEC09E6-8009-FC50-5FF8-83F317343213} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D02510A9-69A7-24D5-85DA-D3EC8E911C73} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D4451521-F203-568E-2657-C5AD1F0B1F77} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D6036847-0CE9-CD98-8490-CBE09650BB49} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D6063F46-66EC-A24F-FC65-2CF52E8C6A80} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D6C7DB36-C0AC-C91F-B408-61A55E5AB6C5} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D75B9D6B-FB2A-EE40-24DA-791D27C77147} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D775F18B-70E6-FBB1-C13D-52CE71E899B3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DA826568-8230-C8BC-199C-3E738A0E5A48} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DB054D56-EEA3-C985-BEDB-3E646A49FA44} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DBD7A92A-DF8C-2D8E-D6F7-B5116A70ADC5} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DCBA986D-47CE-1474-2CC9-32D4B1DC8A6C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DCF499B3-5BE2-6F3F-B6C8-FB0597F0FF79} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DD25AEF3-3DC7-625D-F3C6-DE10B7C6BF82} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DE2D7676-D3B6-1EDB-60CA-DA72D6F9B006} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DF7066E9-8EE8-8682-F43E-2BF8E7E7D760} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DF74F87A-B7C0-F480-1D25-D81A257B3152} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E24280F1-5872-DD80-6349-14510DFCB851} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E36A99D7-088F-A5E8-1BA4-87116D938D49} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E4E0C452-0B6D-5B6B-E0AD-5D2B7C054116} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E5AEC6A2-E0DA-BCCF-46E8-C8D57F1BAB09} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E5E59618-FEBB-174D-3A09-E2EF1B2CDA17} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E5E7F1CA-5A18-A75A-2286-0FF9E3A0C2CA} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E647591B-D33E-72B8-A7F0-9D55C2A7369D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E65FC41A-89B3-21B7-1EB6-E92DA3645370} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{EAB9C89C-A224-B071-97DC-24A78995DD29} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{EAE338CA-76EC-EAE9-7C17-A152A831A537} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{EB3166D5-6855-FBE1-8A6F-C933AE42DD82} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{EBB942DD-6CAD-83C9-BB7A-1A229122535B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{EC1F3079-B552-372A-C22C-02C86B281422} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{ECEAF197-B6EF-9E38-0846-FF3BB03983AD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{EE72D9B5-81C8-E738-8F1C-E3D4FED74E0D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F11F9DB0-0FF7-6C42-7FE8-403827B54315} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F1E91259-92C0-8767-A2E0-85139867622A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F2255AF4-092C-0BF6-52CF-8484B194FCC4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F22C21C3-2FA8-F0A7-72B3-7927ADEFC66E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F2352FD0-B78A-FC66-EE98-5DFBF99E1F48} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F4758A19-4B23-B61B-0125-C805E79FBA5A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F6802757-10AB-DBC8-719A-C48394D31082} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F7B868F8-EA98-86A3-D29E-5BCE94E2DD6A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F80F0D50-2D6C-75C3-606A-3DFE0F4FC5D0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FA112FA2-B6C7-CE6A-DE50-FEAF22C15154} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FA6A8ADC-5ACF-A739-A8BF-5E4D7B5991C1} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FA986CDE-0FA2-33A9-ECFD-8291DFA81985} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FB277F1B-89B6-A114-DD01-EC507A933F39} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FBA372DA-732C-2096-07DB-AA0E71833D10} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FCEBB27B-4E18-DA71-68DF-31397091EAF8} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FE0CF482-D7A9-BD18-0056-CF55E4EDD446} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FEDB5C70-C8D3-5CE0-5433-3BFBF961AF4B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FF1518B7-D821-1BF0-0368-AD32CBCF17E0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\Interface\{2BB15D36-43BE-4743-A3A0-3308F4B1A610} -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Classes\Interface\{41700749-A109-4254-AF13-BE54011E8783} -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Spyware.SearchRelevancy : Ignored
HKLM\SOFTWARE\motoin -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Ignored
HKU\S-1-5-21-606747145-1202660629-682003330-1009\Software\Mvu -> Spyware.Delfin : Ignored
C:\Documents and Settings\mom\Cookies\mom@2o7[2].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\mom\Cookies\mom@a.as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Ignored
C:\Documents and Settings\mom\Cookies\mom@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Ignored
C:\Documents and Settings\mom\Cookies\mom@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Ignored
C:\Documents and Settings\mom\Cookies\mom@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Ignored
C:\Documents and Settings\mom\Cookies\mom@ads.x10[1].txt -> Spyware.Cookie.X10 : Ignored
C:\Documents and Settings\mom\Cookies\mom@advertising[2].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\mom\Cookies\mom@atdmt[2].txt -> Spyware.Cookie.Atdmt : Ignored
C:\Documents and Settings\mom\Cookies\mom@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Ignored
C:\Documents and Settings\mom\Cookies\mom@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Ignored
C:\Documents and Settings\mom\Cookies\mom@centrport[1].txt -> Spyware.Cookie.Centrport : Ignored
C:\Documents and Settings\mom\Cookies\mom@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Ignored
C:\Documents and Settings\mom\Cookies\mom@cs.-- The nicest hobby on Earth ;) --counter[2].txt -> Spyware.Cookie.-- The nicest hobby on Earth ;) --counter : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz11.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz3.clickzs[1].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz5.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz8.clickzs[1].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz9.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Ignored
C:\Documents and Settings\mom\Cookies\mom@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Ignored
C:\Documents and Settings\mom\Cookies\mom@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Ignored
C:\Documents and Settings\mom\Cookies\mom@findwhat[1].txt -> Spyware.Cookie.Findwhat : Ignored
C:\Documents and Settings\mom\Cookies\mom@gator[1].txt -> Spyware.Cookie.Gator : Ignored
C:\Documents and Settings\mom\Cookies\mom@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Ignored
C:\Documents and Settings\mom\Cookies\mom@overture[1].txt -> Spyware.Cookie.Overture : Ignored
C:\Documents and Settings\mom\Cookies\mom@paycounter[1].txt -> Spyware.Cookie.Paycounter : Ignored
C:\Documents and Settings\mom\Cookies\mom@pro-market[2].txt -> Spyware.Cookie.Pro-market : Ignored
C:\Documents and Settings\mom\Cookies\mom@qksrv[2].txt -> Spyware.Cookie.Qksrv : Ignored
C:\Documents and Settings\mom\Cookies\mom@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Ignored
C:\Documents and Settings\mom\Cookies\mom@revenue[1].txt -> Spyware.Cookie.Revenue : Ignored
C:\Documents and Settings\mom\Cookies\mom@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\mom\Cookies\mom@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Ignored
C:\Documents and Settings\mom\Cookies\mom@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Ignored
C:\Documents and Settings\mom\Cookies\mom@specificclick[1].txt -> Spyware.Cookie.Specificclick : Ignored
C:\Documents and Settings\mom\Cookies\mom@statcounter[1].txt -> Spyware.Cookie.Statcounter : Ignored
C:\Documents and Settings\mom\Cookies\mom@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Ignored
C:\Documents and Settings\mom\Cookies\mom@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Ignored
C:\Documents and Settings\mom\Cookies\mom@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Ignored
C:\Documents and Settings\mom\Cookies\mom@web4.realtracker[1].txt -> Spyware.Cookie.Realtracker : Ignored
C:\Documents and Settings\mom\Cookies\mom@xxxcounter[2].txt -> Spyware.Cookie.Xxxcounter : Ignored
C:\Documents and Settings\mom\Cookies\mom@z1.adserver[2].txt -> Spyware.Cookie.Adserver : Ignored
C:\Documents and Settings\mom\Desktop\SmileyCentralSetup2.0.3.2.exe -> Spyware.MyWebSearch : Ignored
C:\Documents and Settings\mom\Local Settings\Temp\F6.tmp\thnall1ac.exe -> Adware.BetterInternet : Ignored
C:\Documents and Settings\mom\Local Settings\Temp\toolbar.cab/IExploreSkins.exe -> Spyware.WebSearch : Ignored
C:\Documents and Settings\mom\Local Settings\Temp\toolbar.cab/toolbar.dll -> Spyware.WebSearch : Ignored
C:\Documents and Settings\mom\Local Settings\Temp\Toolbar3.cab/IExploreSkins.exe -> Spyware.WebSearch : Ignored
C:\Documents and Settings\mom\Local Settings\Temp\Toolbar3.cab/TBPS.exe -> Spyware.WebSearch : Ignored
C:\Documents and Settings\mom\Local Settings\Temp\Toolbar3.cab/toolbar.dll -> Spyware.WebSearch : Ignored
C:\Documents and Settings\Owner\Application Data\ttuh.exe -> Spyware.PurityScan : Ignored
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Ignored
C:\Documents and Settings\Owner\Cookies\owner@cs.-- The nicest hobby on Earth ;) --counter[2].txt -> Spyware.Cookie.-- The nicest hobby on Earth ;) --counter : Ignored
C:\Documents and Settings\Owner\Cookies\owner@cz11.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\Owner\Cookies\owner@cz5.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe -> Spyware.PurityScan : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\optimize.exe -> TrojanDownloader.Dyfuca.bq : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\polmx3.cab/polmx3.exe -> TrojanDownloader.Agent.ae : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\polmx3.exe -> TrojanDownloader.Agent.ae : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI10B5.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI10B5.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI10B5.tmp\mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI10B5.tmp\preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI373C.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI373C.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI373C.tmp\mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI373C.tmp\preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI4FCA.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI4FCA.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI4FCA.tmp\mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI4FCA.tmp\preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI58E.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI58E.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI58E.tmp\mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI58E.tmp\preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI6C1F.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI6C1F.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI6C1F.tmp\mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI6C1F.tmp\preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\WToolsA.exe -> Spyware.Wintools : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\wu.exe -> Adware.SaveNow : Ignored
C:\Documents and Settings\Scott\Application Data\ttuh.exe -> Spyware.PurityScan : Ignored
C:\Documents and Settings\Scott\Cookies\scott@2o7[2].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Scott\Cookies\scott@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Ignored
C:\Documents and Settings\Scott\Cookies\scott@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Ignored
C:\Documents and Settings\Scott\Cookies\scott@advertising[1].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\Scott\Cookies\scott@atdmt[1].txt -> Spyware.Cookie.Atdmt : Ignored
C:\Documents and Settings\Scott\Cookies\scott@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Ignored
C:\Documents and Settings\Scott\Cookies\scott@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Ignored
C:\Documents and Settings\Scott\Cookies\scott@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\!update.exe -> Spyware.PurityScan : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@centrport[1].txt -> Spyware.Cookie.Centrport : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\polmx3.cab/polmx3.exe -> TrojanDownloader.Agent.ae : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\THI7A1E.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\THI7A1E.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\WToolsA.exe -> TrojanDownloader.WinTool : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\WToolsB.dll -> Spyware.Wintools : Ignored
C:\Documents and Settings\Steve\Cookies\steve@2o7[1].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Steve\Cookies\steve@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1ldzacoqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Ignored
C:\Documents and Settings\Steve\Cookies\steve@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Ignored
C:\Documents and Settings\Steve\Cookies\steve@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Ignored
C:\Documents and Settings\Steve\Cookies\steve@ads.x10[1].txt -> Spyware.Cookie.X10 : Ignored
C:\Documents and Settings\Steve\Cookies\steve@advertising[1].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\Steve\Cookies\steve@atdmt[2].txt -> Spyware.Cookie.Atdmt : Ignored
C:\Documents and Settings\Steve\Cookies\steve@centrport[1].txt -> Spyware.Cookie.Centrport : Ignored
C:\Documents and Settings\Steve\Cookies\steve@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Ignored
C:\Documents and Settings\Steve\Cookies\steve@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Ignored
C:\Documents and Settings\Steve\Cookies\steve@fastclick[1].txt -> Spyware.Cookie.Fastclick : Ignored
C:\Documents and Settings\Steve\Cookies\steve@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Ignored
C:\Documents and Settings\Steve\Cookies\steve@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\Steve\Cookies\steve@specificclick[1].txt -> Spyware.Cookie.Specificclick : Ignored
C:\Documents and Settings\Steve\Cookies\steve@statcounter[2].txt -> Spyware.Cookie.Statcounter : Ignored
C:\Documents and Settings\Steve\Cookies\steve@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Ignored
C:\Documents and Settings\Steve\Cookies\steve@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@adorigin[2].txt -> Spyware.Cookie.Adorigin : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@burstnet[2].txt -> Spyware.Cookie.Burstnet : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@centrport[1].txt -> Spyware.Cookie.Centrport : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@perf.overture[1].txt -> Spyware.Cookie.Overture : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Desktop\hijackthis\backups\backup-20050725-123526-286.dll -> TrojanDownloader.Agent.bc : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Local Settings\Temp\180sainstallernusac.exe/clientax.dll -> Spyware.180Solutions : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Local Settings\Temp\2D.tmp\thnall1ac.exe -> Adware.BetterInternet : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Local Settings\Temp\Cookies\steve@burstnet[1].txt -> Spyware.Cookie.Burstnet : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Local Settings\Temp\Cookies\steve@statcounter[1].txt -> Spyware.Cookie.Statcounter : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Local Settings\Temp\Cookies\steve@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Local Settings\Temp\ICD1.tmp\m67m.ocx -> Spyware.MediaMotor : Ignored
C:\Downloads\RCT2_TT-dm[1].exe -> Spyware.Trymedia : Ignored
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Ignored
C:\Program Files\ClockSync(2)\Sync.exe_tobedeleted -> Adware.SaveNow : Ignored
C:\Program Files\Common Files\drnrfmul\dfrcaomtre\lsffmaeqs.exe -> Adware.Gator : Ignored
C:\Program Files\Common Files\drnrfmul\fedcrbcn\rmfdmbru.exe -> Adware.Gator : Ignored
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Ignored
C:\Program Files\Common Files\urkz\urkza.exe -> TrojanDownloader.TSUpdate.l : Ignored
C:\Program Files\Common Files\urkz\urkzl.exe -> TrojanDownloader.TSUpdate.j : Ignored
C:\Program Files\Common Files\urkz\urkzm.exe -> TrojanDownloader.TSUpdate.k : Ignored
C:\Program Files\Common Files\urkz\urkzp.exe -> Spyware.Xupiter : Ignored
C:\Program Files\Internet Explorer\zrtfkvkd.exe -> TrojanDownloader.Agent.aw : Ignored
C:\Program Files\rdso\eetu.exe -> Spyware.PurityScan : Ignored
C:\Program Files\Windows ControlAd\WinCtlAdShift.dll -> Spyware.WinAD : Ignored
C:\temp\SearchRelevancy.exe -> Spyware.Relevance.a : Ignored
C:\WINDOWS\7k0.sys -> Trojan.Delf.cf : Ignored
C:\WINDOWS\8ccqifrt.exe -> Adware.SAHA : Ignored
C:\WINDOWS\aagch.dll -> Spyware.SearchPage : Ignored
C:\WINDOWS\addaj.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addak.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addcc32.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addcj32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addco32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addde.dll -> TrojanDownloader.Agent.kd : Ignored
C:\WINDOWS\adddz32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addeg.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addfd.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addfi32.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addfk.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addfq32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addia32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addju32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addlb32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addmb.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addmh.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addov32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addoy.dll -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addpm32.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addqi.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addro.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addrx32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addsh32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addsy.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\adduc.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addul.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addul32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addvk.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addwk.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addwt32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addxf.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addxn.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addxv32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addym.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addyy32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addzd.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addzl32.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\aolvv.txt:gggee -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apiaf32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apiah32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apidg.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apies.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apifg32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apifq.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apigr.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apihc.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apihj.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apihw32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apiit32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apijh.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apijk32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apile.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apilg.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apilq32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apimp.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apinb.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\apiom32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apipo.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apipv.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\apiqb32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apiqo32.dll -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apiro32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apitb32.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\apitc.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apitf32.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\apitp.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\ap
Logfile of HijackThis v1.99.1
Scan saved at 9:15:18 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\system32\dakboxe.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [qvohup] c:\windows\system32\dakboxe.exe r
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb13.pog...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Desktop\cwshredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
the ewido log is very long like the other one, so i will post all that will fit on this post and if you want any more of it, just let me know! I ignored all the infections so I dont mess anything up, but there were over 2000 infections
o and thanks for hangin with me..... :)
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:09:43 PM, 7/25/2005
+ Report-Checksum: D493AF09
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{031788DE-6282-F9CD-262A-AA22CDA2B068} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0374CA48-A799-5108-7C38-BAC7CF481D17} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{04256906-BECE-83AC-2058-27ABA38B11A3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{04D2569C-ED83-79FB-0E43-F43DFA258774} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{04EDA6A5-3C09-E146-8F75-5684DDB4E2A7} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0713F0EF-F47D-A3DA-A0F3-C2ED763086A3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{07D80144-9372-FEAC-AEDD-21AE8732F067} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{07F0CAA0-8206-9DCC-5402-D4CC24EC1764} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{08A3BAAE-CEB8-766F-9585-A831A8E94068} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0ADEF183-C204-6BFB-2DA8-5C12061DE911} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0B4F9B2C-F81D-7C42-AE33-07F0FCB846EC} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0B936818-A83D-004A-625A-757B4D758CC6} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0E37D9E0-99E3-DA14-3197-60132338963E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0FBFA147-FFB4-19A8-49F8-D1A17B80E32D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0FCD3397-0498-446E-A6F7-E41F7343F3C0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{109FCEAD-8C5C-5B76-3BB3-A646D2B52C93} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{10D837D7-D6EA-8BCE-37FB-E58A2E09397B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{12094FCA-1EE9-6EE5-5B4B-4B1EDA5F575C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{12130DCB-3DF4-96EC-27B9-61E0D766F680} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1228458E-6B19-48F4-5449-A00AEE93F0FC} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{13898BD6-0873-1991-8C89-C965424CDB1C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1486290A-90C1-388F-ADC8-6BFAA6B057E8} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{151272FB-2CD4-E387-93B1-F52B2911D0EE} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1674BCBE-46DE-7BAB-FBFA-CA15D9FEB632} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1B2B1933-92B1-481C-EB27-35E36BF72B5B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1B9CEE94-E0D7-13CF-2DA8-CA3C766EAAD0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1BD83F34-5674-FA0D-E5B2-7D7655F0D46F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1C1F1B09-C5DE-0C47-B128-B83F5668EB83} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1D232F9D-941D-5CD9-732F-8F6EC1977CF2} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1DE20533-9118-BF9A-A6C6-F8E881A5FD4B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1EA0CE66-D6D5-2CEB-D734-97906011F9A8} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1F46E851-7EAF-1A9B-E6B4-CCA46BD7BB86} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{1FE935FF-DB66-AC76-99D8-18EC1F0F013C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{21F8F0E0-D881-0FBC-CD1D-D1F30C3905B4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{24E10FF7-10AA-6198-95AE-258D49D9ABCA} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{25742C0F-DC0D-F5DC-55DE-C66285AA22AB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{25ADEB1C-223C-2A7D-D3AD-712F742ABDB1} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{29CDA41A-A8EB-6A68-BBF5-2877418D55C7} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2A6A2EFF-2FC6-683C-5911-BB1AC07E5964} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2A80D71D-33B8-3E91-8293-2130B34265A4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B284248-D0FE-C340-0D87-ABD55DD24BFA} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B5A2313-AE67-454E-9A8B-F74070E57F1B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2BFAB072-A3F3-0A97-6990-3673392B7DFC} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2CB60D9D-BA37-058C-7EA3-A52155F01235} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2D99FD34-F395-DFB0-0852-36D4976F6E3D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2D9BB7B5-D27A-5907-A874-72E04FC719E8} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2FA09459-FBD9-B08C-81EF-6EA62F5DB101} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{30C5202D-2CDD-8C6D-6CD3-86CBAC73988B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{30E36B0A-CA1D-18E7-7FD2-9BA91D4D1710} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{32FB9A97-C47A-795A-3B47-9A97C1448DFC} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{346C69D8-47DA-8D25-2793-091F27AD1739} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{347CE5A5-6599-8A80-9D8E-06843CFEDD27} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{3507B32F-B4F9-0B6B-5168-A74196010FA0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{36A41F9E-B433-C078-89AE-486D2624C972} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{38EA95B6-06DF-844E-6763-813A152D6F74} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{3C2E0AC2-347B-07FF-761D-31083C460F98} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{3F15B481-32E2-FE85-96FA-A8976289B4FD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{430B869B-EB6E-CBD3-5E4D-6D279372AA20} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{43F226F3-3EDD-1F6E-B1F9-426F80DAB07E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{452C15DF-936D-C8CB-B825-97DD4A210ABD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4822A81B-A35C-81CA-4B1E-595C44DF3F5E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{499E19B2-6F56-DFF8-CF23-EB7565388036} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4A210C09-C3AE-D36C-3EC5-0D7723985463} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4A7E0ADF-C8A2-08D3-D46C-91318C2CD9A4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4AEDA6FC-6816-F03C-12F8-CDE056451F16} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4B3176F0-E32F-B010-C0D8-65FC118C3716} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4C1CBC17-3C15-343F-1E7C-D8F447935C05} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4E11A0FD-72A3-AEF3-D4E4-E168F75A238E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4F8E9FA5-37E2-683E-E18D-19AC6697532D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4FBFBE36-BC17-CAB4-CA0B-1F18DD30B292} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4FCD2C21-6232-FD0F-36AA-4EFFC9284B2A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4FFB405E-2D99-7374-B6D3-F0CD9DC8744E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{529D86BB-85DC-FC40-1699-BECC09038E95} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{53B83EBA-809F-C983-5C07-4CB6E85D8F3A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5735BB6F-7A93-49E1-B628-ABB60DAA5F0B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{57CEBAAD-4565-C660-5FAF-624E13DBE3B7} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{597DD6BD-9B68-6317-F535-F180E2D3AAB6} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5AF0B5AF-80E5-5F00-7457-4FF9847707D9} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5BCC3EE7-9153-E89F-6D4E-9B02B02B4E2E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5C2B2D9C-60FC-5F4C-5894-68EB7DFA3935} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5E60DAD4-D59A-D1EA-A0B3-BD226EE43523} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5F32646E-6D3E-257C-2369-EFD1A3A012F8} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5F4B11A7-C0A8-0B95-8741-481C8B0029E3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5F574346-A206-D78A-7149-4C709D5204A4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5FFA6789-7ABE-BCB3-18BC-3EB6BE2C1706} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6327D790-4626-130D-8171-E0E6AB10B53B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{64AB146B-0C39-DEC3-5AED-E2DA773C655F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{67A0E5DD-D21D-3F1C-2FD5-07C50B27B4BD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{68005AEB-2632-F033-B29F-EA21C446CA22} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{69A88C5E-04E5-741D-6CA2-9CB5374EB263} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6A493714-8012-621E-A09E-CD80FF52FB1F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6C652E08-1C50-09D2-7DC8-0714DB258C39} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6C69E2F6-F200-55DF-18C6-3C368029FD3E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6D793FE9-8675-897B-589B-5BCAB9D3CFEF} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6EDB124C-8B12-ABA8-CA16-CEBAC7061ADE} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{71476230-0B89-E69D-D223-279F989C21BB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{714C2287-DB2D-3514-4785-8EC21BA5C5F1} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{735DDAC7-F8F1-47DD-D87A-6AF0100B6A48} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{73A0FEF4-C4EC-89F0-F3BC-FE7F59AD1DBA} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{742CF04D-EE46-1423-E899-B91C547ABC20} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{76321C6A-B800-93A4-24BB-B1F318D2A8E0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{763FC5CF-92D8-A8BE-597E-1C53C8D18D56} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{76518006-D7C5-4C71-68F4-DA79559FA482} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{765369C1-D4E0-D6A4-69B4-6261D4E1319A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7658C68E-7ED4-8476-AC96-729091012307} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{77845652-D4FE-D2AD-12FA-F27B477D9B31} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{786A41BB-009D-DD27-EA3E-15DCD01EC75C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{78CA5367-0660-D7DE-5424-C4AD26542538} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7904D3DD-22E5-C0C1-0648-E66A3897E380} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{792E2C95-AEBD-D9B8-E958-AD1BB5A3D9BA} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7A66D0FF-9707-2E41-A80D-7DE113BDAC8B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7B28CC5E-5425-8989-13A1-2929DDA8CC5F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7C36455F-C2B4-5BC0-575A-253825413F0C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7C5CF0D8-6AA4-2FDF-1323-0AC6A9822AA3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7D1F318F-6264-F55E-366B-93087AE94B29} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7DFA112F-21B6-72CE-A5DE-09FEAF22C151} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7E2B347A-52AA-597F-9371-80822A8D1263} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8007F30A-ADD5-7E61-D29C-8F166BC8A3DD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{817972EC-CAD1-C47C-A430-508B1E97DE0D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{818D123D-B7CF-1169-DD32-2310AD262479} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{81AE8953-3335-A1BB-5174-F82625372B4E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{821F62C3-1009-929C-3E89-5D066057B36D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{826D0369-102B-4A44-F27B-D9DCC50A8EE6} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8324D4AA-9FD0-5334-D040-C3B82F9A8957} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8327E127-2658-4B06-86B0-8D575DE1575B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{83CBE2FB-4038-4351-9B1C-E69BF75962AA} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{841CB982-C366-4290-3F00-95A1A5F3C340} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{85E6B001-B482-61AE-78C6-6EAE60D74D00} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{85F1C7FC-7359-D6D5-C42B-F3E410DB4CAD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{877DBFE0-6233-B1C4-8252-A4475BCF6DD2} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8A0FEDBB-3762-AEB7-E85E-6BCC16F76759} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8A50C2FE-C00E-0C19-DC1A-BCABABE155C3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8DF52E69-BA52-5F6E-2A2A-0CD81E0F3492} -> Spyware.BetterInternet : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8E183E4D-1A0C-3195-3741-BBEABE2CBCD0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8E883EC3-ABB5-0CD9-EC0A-78CB81A818D1} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{913EAD11-DA6B-5C8F-D264-E3D4FC8BA5DD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{92854EC1-0623-4E3A-3993-F60435FEDF74} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{931A8005-8460-7AEC-010F-C5E04983BE41} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{94411682-B9FC-FEB4-9621-5E2E45736A51} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{97DCBB56-FF7B-D770-38B4-EAF169E5C483} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{98832348-0E38-D102-51A5-517934760119} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{99B1E639-DCA2-2C21-013F-DEF4B5729CA9} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9A7083BD-566F-B299-344C-47ABCAB6F765} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9C060FC3-F4CE-894D-8EB7-FA3935CE5AA1} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9CC4194D-70AD-AC3B-8852-00B56740427F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9E1E5C74-8A47-A3B8-9D79-4318AF0FE18F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9E960055-CBAB-522C-F6D0-3C06FAA39285} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9EDC0D8F-954E-A638-C240-D52042910A62} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9F1D249D-1545-56CD-0C52-0C2EE115ABB1} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9FF47B90-35D9-6F6F-3BC1-027BAA23833E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A0B249A8-05AF-32B0-992B-DB1CAFDEB3E4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A167704A-0F01-8543-16A8-ECF3EBA5DC01} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A1BC7CDD-070B-7E5C-FEAD-F4789795AD1A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A52FA47B-BA50-C6CB-6B02-1F30CC46D589} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A5910E94-A676-201D-0838-F81C7746194D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A5B3B4A7-6BD2-E7CE-E654-7A1D658D1BB3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A66A7703-9E5D-D32F-B86A-2B0EE436B436} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A678B034-1492-1AC1-FF9B-636BC85F5643} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A6A537E1-A69B-6C58-00AC-B6C4E8539037} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A6BF9B01-2B57-89D9-AD1F-AF854374C992} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A6BFC374-18DF-B761-3902-53957EFA4847} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A72CAEB7-7E44-7941-564B-A741D28B01DB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A7737E2C-9C15-D4BE-4A5B-C15B7E8C41E9} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A8703447-9782-72D3-AA41-606A7E155CE5} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A9629E20-9B59-1F5F-58AE-E699D9122E1F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{AB537FC9-E3D4-FBBF-80FD-2CDE0ABCC38B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{AB6F81AC-6C76-BCBF-C021-1BA9321DF5F0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{AF197E67-53B8-6C01-4733-3E7C25BA3A3B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B26E0DA6-7964-2B58-9B4B-94CBAA3AFF83} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B279D474-B064-DCC7-5638-6B0E0A96537C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B33C5B98-F4B9-B550-C81A-4EE9720874BF} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B38F516E-48F2-CDBB-7D76-E0CFBCDBEE45} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B4D50626-AAF0-64AC-F1D5-8A697DD0E515} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B4F697AE-7E58-DC0D-D012-24F83EAB9F25} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B5423394-16FB-1F60-5AF9-6CAF30B35009} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B595A235-53A2-27D5-EFF6-D0208801D071} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B6233EB3-872F-7898-F4A8-3F6A3BAA6D57} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B6E89CAB-169D-C0D8-F8D0-4EB58B02ABAB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B7F4D50B-EAC3-A3F3-769F-96194A8DECDE} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B91259B9-BE3B-D475-8861-62B879410E5E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BA5E5B3E-BB1D-2938-3E93-1C81F766E7AB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BC0DC8BD-646D-FA46-8739-116B4F8B8228} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BC0FE7F5-AD1D-A795-C683-F3EB54072EFE} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BCA18F7D-4CAB-D300-286E-432722FFB0FB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BCB07B6E-BEFE-ADD4-7CEB-728FF235B841} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BCE50D6B-B3E6-30B9-72AB-14B60D86EB35} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BE5DCDBC-54D3-95EA-B258-2D53BD817431} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C151BF9B-FE85-EC38-A53B-AE4D2044C94E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C21C6790-58A0-81BD-58F6-11EF55D9BADF} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C2FE095E-5BA7-FBC8-5387-2878C932A44F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C3CBD491-14A8-F1D3-52CC-F2038BD5FDDE} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C42CF26E-2B02-05DE-7D7B-A16C5C2095BB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C432F8C9-5E41-F564-674E-C21B8257061B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C54510FE-72AA-27FF-1198-0CC47906F451} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C74DF792-DD4B-4B33-4D25-BB3E8A211BB3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C881C594-6F3E-F3F1-EA4B-72C7CEA3E7DB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C927A651-6768-ED9E-C3ED-CBD9A6CF4B22} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C9368290-DE0B-80FF-0E2D-8933F6CA1A46} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{CC6A9DFF-521F-7DD3-E624-B30C0B9FF83A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{CC6B2B65-2D60-CC2D-B4A6-7C0945964771} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{CD283BB0-5FEA-F204-BC88-8C3CA240315D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{CDEC09E6-8009-FC50-5FF8-83F317343213} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D02510A9-69A7-24D5-85DA-D3EC8E911C73} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D4451521-F203-568E-2657-C5AD1F0B1F77} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D6036847-0CE9-CD98-8490-CBE09650BB49} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D6063F46-66EC-A24F-FC65-2CF52E8C6A80} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D6C7DB36-C0AC-C91F-B408-61A55E5AB6C5} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D75B9D6B-FB2A-EE40-24DA-791D27C77147} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D775F18B-70E6-FBB1-C13D-52CE71E899B3} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DA826568-8230-C8BC-199C-3E738A0E5A48} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DB054D56-EEA3-C985-BEDB-3E646A49FA44} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DBD7A92A-DF8C-2D8E-D6F7-B5116A70ADC5} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DCBA986D-47CE-1474-2CC9-32D4B1DC8A6C} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DCF499B3-5BE2-6F3F-B6C8-FB0597F0FF79} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DD25AEF3-3DC7-625D-F3C6-DE10B7C6BF82} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DE2D7676-D3B6-1EDB-60CA-DA72D6F9B006} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DF7066E9-8EE8-8682-F43E-2BF8E7E7D760} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DF74F87A-B7C0-F480-1D25-D81A257B3152} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E24280F1-5872-DD80-6349-14510DFCB851} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E36A99D7-088F-A5E8-1BA4-87116D938D49} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E4E0C452-0B6D-5B6B-E0AD-5D2B7C054116} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E5AEC6A2-E0DA-BCCF-46E8-C8D57F1BAB09} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E5E59618-FEBB-174D-3A09-E2EF1B2CDA17} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E5E7F1CA-5A18-A75A-2286-0FF9E3A0C2CA} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E647591B-D33E-72B8-A7F0-9D55C2A7369D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E65FC41A-89B3-21B7-1EB6-E92DA3645370} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{EAB9C89C-A224-B071-97DC-24A78995DD29} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{EAE338CA-76EC-EAE9-7C17-A152A831A537} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{EB3166D5-6855-FBE1-8A6F-C933AE42DD82} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{EBB942DD-6CAD-83C9-BB7A-1A229122535B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{EC1F3079-B552-372A-C22C-02C86B281422} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{ECEAF197-B6EF-9E38-0846-FF3BB03983AD} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{EE72D9B5-81C8-E738-8F1C-E3D4FED74E0D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F11F9DB0-0FF7-6C42-7FE8-403827B54315} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F1E91259-92C0-8767-A2E0-85139867622A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F2255AF4-092C-0BF6-52CF-8484B194FCC4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F22C21C3-2FA8-F0A7-72B3-7927ADEFC66E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F2352FD0-B78A-FC66-EE98-5DFBF99E1F48} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F4758A19-4B23-B61B-0125-C805E79FBA5A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F6802757-10AB-DBC8-719A-C48394D31082} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F7B868F8-EA98-86A3-D29E-5BCE94E2DD6A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F80F0D50-2D6C-75C3-606A-3DFE0F4FC5D0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FA112FA2-B6C7-CE6A-DE50-FEAF22C15154} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FA6A8ADC-5ACF-A739-A8BF-5E4D7B5991C1} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FA986CDE-0FA2-33A9-ECFD-8291DFA81985} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FB277F1B-89B6-A114-DD01-EC507A933F39} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FBA372DA-732C-2096-07DB-AA0E71833D10} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FCEBB27B-4E18-DA71-68DF-31397091EAF8} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FE0CF482-D7A9-BD18-0056-CF55E4EDD446} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FEDB5C70-C8D3-5CE0-5433-3BFBF961AF4B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FF1518B7-D821-1BF0-0368-AD32CBCF17E0} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\Interface\{2BB15D36-43BE-4743-A3A0-3308F4B1A610} -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Classes\Interface\{41700749-A109-4254-AF13-BE54011E8783} -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Spyware.SearchRelevancy : Ignored
HKLM\SOFTWARE\motoin -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Ignored
HKU\S-1-5-21-606747145-1202660629-682003330-1009\Software\Mvu -> Spyware.Delfin : Ignored
C:\Documents and Settings\mom\Cookies\mom@2o7[2].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\mom\Cookies\mom@a.as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Ignored
C:\Documents and Settings\mom\Cookies\mom@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Ignored
C:\Documents and Settings\mom\Cookies\mom@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Ignored
C:\Documents and Settings\mom\Cookies\mom@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Ignored
C:\Documents and Settings\mom\Cookies\mom@ads.x10[1].txt -> Spyware.Cookie.X10 : Ignored
C:\Documents and Settings\mom\Cookies\mom@advertising[2].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\mom\Cookies\mom@atdmt[2].txt -> Spyware.Cookie.Atdmt : Ignored
C:\Documents and Settings\mom\Cookies\mom@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Ignored
C:\Documents and Settings\mom\Cookies\mom@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Ignored
C:\Documents and Settings\mom\Cookies\mom@centrport[1].txt -> Spyware.Cookie.Centrport : Ignored
C:\Documents and Settings\mom\Cookies\mom@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Ignored
C:\Documents and Settings\mom\Cookies\mom@cs.-- The nicest hobby on Earth ;) --counter[2].txt -> Spyware.Cookie.-- The nicest hobby on Earth ;) --counter : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz11.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz3.clickzs[1].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz5.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz8.clickzs[1].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@cz9.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\mom\Cookies\mom@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Ignored
C:\Documents and Settings\mom\Cookies\mom@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Ignored
C:\Documents and Settings\mom\Cookies\mom@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Ignored
C:\Documents and Settings\mom\Cookies\mom@findwhat[1].txt -> Spyware.Cookie.Findwhat : Ignored
C:\Documents and Settings\mom\Cookies\mom@gator[1].txt -> Spyware.Cookie.Gator : Ignored
C:\Documents and Settings\mom\Cookies\mom@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Ignored
C:\Documents and Settings\mom\Cookies\mom@overture[1].txt -> Spyware.Cookie.Overture : Ignored
C:\Documents and Settings\mom\Cookies\mom@paycounter[1].txt -> Spyware.Cookie.Paycounter : Ignored
C:\Documents and Settings\mom\Cookies\mom@pro-market[2].txt -> Spyware.Cookie.Pro-market : Ignored
C:\Documents and Settings\mom\Cookies\mom@qksrv[2].txt -> Spyware.Cookie.Qksrv : Ignored
C:\Documents and Settings\mom\Cookies\mom@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Ignored
C:\Documents and Settings\mom\Cookies\mom@revenue[1].txt -> Spyware.Cookie.Revenue : Ignored
C:\Documents and Settings\mom\Cookies\mom@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\mom\Cookies\mom@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Ignored
C:\Documents and Settings\mom\Cookies\mom@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Ignored
C:\Documents and Settings\mom\Cookies\mom@specificclick[1].txt -> Spyware.Cookie.Specificclick : Ignored
C:\Documents and Settings\mom\Cookies\mom@statcounter[1].txt -> Spyware.Cookie.Statcounter : Ignored
C:\Documents and Settings\mom\Cookies\mom@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Ignored
C:\Documents and Settings\mom\Cookies\mom@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Ignored
C:\Documents and Settings\mom\Cookies\mom@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Ignored
C:\Documents and Settings\mom\Cookies\mom@web4.realtracker[1].txt -> Spyware.Cookie.Realtracker : Ignored
C:\Documents and Settings\mom\Cookies\mom@xxxcounter[2].txt -> Spyware.Cookie.Xxxcounter : Ignored
C:\Documents and Settings\mom\Cookies\mom@z1.adserver[2].txt -> Spyware.Cookie.Adserver : Ignored
C:\Documents and Settings\mom\Desktop\SmileyCentralSetup2.0.3.2.exe -> Spyware.MyWebSearch : Ignored
C:\Documents and Settings\mom\Local Settings\Temp\F6.tmp\thnall1ac.exe -> Adware.BetterInternet : Ignored
C:\Documents and Settings\mom\Local Settings\Temp\toolbar.cab/IExploreSkins.exe -> Spyware.WebSearch : Ignored
C:\Documents and Settings\mom\Local Settings\Temp\toolbar.cab/toolbar.dll -> Spyware.WebSearch : Ignored
C:\Documents and Settings\mom\Local Settings\Temp\Toolbar3.cab/IExploreSkins.exe -> Spyware.WebSearch : Ignored
C:\Documents and Settings\mom\Local Settings\Temp\Toolbar3.cab/TBPS.exe -> Spyware.WebSearch : Ignored
C:\Documents and Settings\mom\Local Settings\Temp\Toolbar3.cab/toolbar.dll -> Spyware.WebSearch : Ignored
C:\Documents and Settings\Owner\Application Data\ttuh.exe -> Spyware.PurityScan : Ignored
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Ignored
C:\Documents and Settings\Owner\Cookies\owner@cs.-- The nicest hobby on Earth ;) --counter[2].txt -> Spyware.Cookie.-- The nicest hobby on Earth ;) --counter : Ignored
C:\Documents and Settings\Owner\Cookies\owner@cz11.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\Owner\Cookies\owner@cz5.clickzs[2].txt -> Spyware.Cookie.Clickzs : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe -> Spyware.PurityScan : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\optimize.exe -> TrojanDownloader.Dyfuca.bq : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\polmx3.cab/polmx3.exe -> TrojanDownloader.Agent.ae : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\polmx3.exe -> TrojanDownloader.Agent.ae : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI10B5.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI10B5.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI10B5.tmp\mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI10B5.tmp\preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI373C.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI373C.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI373C.tmp\mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI373C.tmp\preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI4FCA.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI4FCA.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI4FCA.tmp\mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI4FCA.tmp\preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI58E.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI58E.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI58E.tmp\mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI58E.tmp\preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI6C1F.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI6C1F.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI6C1F.tmp\mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\THI6C1F.tmp\preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\WToolsA.exe -> Spyware.Wintools : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\wu.exe -> Adware.SaveNow : Ignored
C:\Documents and Settings\Scott\Application Data\ttuh.exe -> Spyware.PurityScan : Ignored
C:\Documents and Settings\Scott\Cookies\scott@2o7[2].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Scott\Cookies\scott@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Ignored
C:\Documents and Settings\Scott\Cookies\scott@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Ignored
C:\Documents and Settings\Scott\Cookies\scott@advertising[1].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\Scott\Cookies\scott@atdmt[1].txt -> Spyware.Cookie.Atdmt : Ignored
C:\Documents and Settings\Scott\Cookies\scott@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Ignored
C:\Documents and Settings\Scott\Cookies\scott@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Ignored
C:\Documents and Settings\Scott\Cookies\scott@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\!update.exe -> Spyware.PurityScan : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@centrport[1].txt -> Spyware.Cookie.Centrport : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\polmx3.cab/polmx3.exe -> TrojanDownloader.Agent.ae : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\THI7A1E.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\THI7A1E.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\WToolsA.exe -> TrojanDownloader.WinTool : Ignored
C:\Documents and Settings\Scott\Local Settings\Temp\WToolsB.dll -> Spyware.Wintools : Ignored
C:\Documents and Settings\Steve\Cookies\steve@2o7[1].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Steve\Cookies\steve@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1ldzacoqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Ignored
C:\Documents and Settings\Steve\Cookies\steve@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Ignored
C:\Documents and Settings\Steve\Cookies\steve@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Ignored
C:\Documents and Settings\Steve\Cookies\steve@ads.x10[1].txt -> Spyware.Cookie.X10 : Ignored
C:\Documents and Settings\Steve\Cookies\steve@advertising[1].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\Steve\Cookies\steve@atdmt[2].txt -> Spyware.Cookie.Atdmt : Ignored
C:\Documents and Settings\Steve\Cookies\steve@centrport[1].txt -> Spyware.Cookie.Centrport : Ignored
C:\Documents and Settings\Steve\Cookies\steve@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Ignored
C:\Documents and Settings\Steve\Cookies\steve@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Ignored
C:\Documents and Settings\Steve\Cookies\steve@fastclick[1].txt -> Spyware.Cookie.Fastclick : Ignored
C:\Documents and Settings\Steve\Cookies\steve@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Ignored
C:\Documents and Settings\Steve\Cookies\steve@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\Steve\Cookies\steve@specificclick[1].txt -> Spyware.Cookie.Specificclick : Ignored
C:\Documents and Settings\Steve\Cookies\steve@statcounter[2].txt -> Spyware.Cookie.Statcounter : Ignored
C:\Documents and Settings\Steve\Cookies\steve@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Ignored
C:\Documents and Settings\Steve\Cookies\steve@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@adorigin[2].txt -> Spyware.Cookie.Adorigin : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@burstnet[2].txt -> Spyware.Cookie.Burstnet : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@centrport[1].txt -> Spyware.Cookie.Centrport : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@perf.overture[1].txt -> Spyware.Cookie.Overture : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Cookies\steve@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Desktop\hijackthis\backups\backup-20050725-123526-286.dll -> TrojanDownloader.Agent.bc : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Local Settings\Temp\180sainstallernusac.exe/clientax.dll -> Spyware.180Solutions : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Local Settings\Temp\2D.tmp\thnall1ac.exe -> Adware.BetterInternet : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Local Settings\Temp\Cookies\steve@burstnet[1].txt -> Spyware.Cookie.Burstnet : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Local Settings\Temp\Cookies\steve@statcounter[1].txt -> Spyware.Cookie.Statcounter : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Local Settings\Temp\Cookies\steve@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Ignored
C:\Documents and Settings\Steve.MARTIN-E6KN2EGM\Local Settings\Temp\ICD1.tmp\m67m.ocx -> Spyware.MediaMotor : Ignored
C:\Downloads\RCT2_TT-dm[1].exe -> Spyware.Trymedia : Ignored
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Ignored
C:\Program Files\ClockSync(2)\Sync.exe_tobedeleted -> Adware.SaveNow : Ignored
C:\Program Files\Common Files\drnrfmul\dfrcaomtre\lsffmaeqs.exe -> Adware.Gator : Ignored
C:\Program Files\Common Files\drnrfmul\fedcrbcn\rmfdmbru.exe -> Adware.Gator : Ignored
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Ignored
C:\Program Files\Common Files\urkz\urkza.exe -> TrojanDownloader.TSUpdate.l : Ignored
C:\Program Files\Common Files\urkz\urkzl.exe -> TrojanDownloader.TSUpdate.j : Ignored
C:\Program Files\Common Files\urkz\urkzm.exe -> TrojanDownloader.TSUpdate.k : Ignored
C:\Program Files\Common Files\urkz\urkzp.exe -> Spyware.Xupiter : Ignored
C:\Program Files\Internet Explorer\zrtfkvkd.exe -> TrojanDownloader.Agent.aw : Ignored
C:\Program Files\rdso\eetu.exe -> Spyware.PurityScan : Ignored
C:\Program Files\Windows ControlAd\WinCtlAdShift.dll -> Spyware.WinAD : Ignored
C:\temp\SearchRelevancy.exe -> Spyware.Relevance.a : Ignored
C:\WINDOWS\7k0.sys -> Trojan.Delf.cf : Ignored
C:\WINDOWS\8ccqifrt.exe -> Adware.SAHA : Ignored
C:\WINDOWS\aagch.dll -> Spyware.SearchPage : Ignored
C:\WINDOWS\addaj.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addak.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addcc32.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addcj32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addco32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addde.dll -> TrojanDownloader.Agent.kd : Ignored
C:\WINDOWS\adddz32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addeg.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addfd.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addfi32.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addfk.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addfq32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addia32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addju32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addlb32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addmb.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addmh.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addov32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addoy.dll -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addpm32.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addqi.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addro.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addrx32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addsh32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addsy.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\adduc.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addul.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addul32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addvk.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addwk.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addwt32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addxf.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addxn.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addxv32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\addym.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\addyy32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addzd.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\addzl32.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\aolvv.txt:gggee -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apiaf32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apiah32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apidg.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apies.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apifg32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apifq.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apigr.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apihc.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apihj.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apihw32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apiit32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apijh.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apijk32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apile.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apilg.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apilq32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apimp.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apinb.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\apiom32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apipo.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apipv.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\apiqb32.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apiqo32.dll -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apiro32.exe -> Trojan.Agent.bi : Ignored
C:\WINDOWS\apitb32.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\apitc.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\apitf32.dll -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\apitp.exe -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\ap
#15
Mosaic1
-
- Member
-
- 4,576 posts
Most Respected SuperExpert
Posted 26 July 2005 - 04:57 PM
LOL good idea. It looks like EWIDO picked up a lot of leftover files which about:Buster didn't get.
I believe that Hijackthis log was taken in Safe Mode. May I see a new one taken in regular windows please?
I believe that Hijackthis log was taken in Safe Mode. May I see a new one taken in regular windows please?
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
