Old 12-11-2005, 01:52 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2005
Posts: 69
OS: xp


Help me, I'm going to go crazy!

My GF accidentally downloaded something through IM. Since then I have tried MS AntiSpyware, Spy Sweeper, Ad-Aware, Trend Micro, Spybot Search & Destroy and a few others. A few of them have helped the problem and even said that it was repaired, but after a while it starts up again. I downloaded HijackThis and here is my log. Please, if anyone could help I would be very grateful.
Logfile of HijackThis v1.99.1
Scan saved at 3:43:45 PM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\z00096.exe
C:\Program Files\Trend Micro\Tmas\tmas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\AMANDA~1\LOCALS~1\Temp\Rar$EX01.094\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: NETSCAPE - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: Aurigma Image Uploader 2.0 - http://www.photogize.com/PhotogizeImageUploader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (NETSCAPE) - http://downloads.netscape.com/search...r/netscape.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
JimmyJammy is offline  
Old 12-12-2005, 02:34 PM   #2 (permalink)
Registered User
 
Join Date: Dec 2005
Posts: 69
OS: xp


moving up

just moving up my post
JimmyJammy is offline  
Old 12-12-2005, 07:23 PM   #3 (permalink)
Analyst, Security Team
 
Join Date: Jul 2004
Location: New York
Posts: 14,326
OS: Windows 98 & Windows XP Home/Pro

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/foru...howtutorial=61 ).

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner.
* Click on 'Complete System Scan' and the scan will begin.
* While the scan is in progress you will be prompted to clean the first infected file it finds. Choose 'Remove', then put a check next to 'Perform action on all infections' in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.
* Once the scan has completed, there will be a button located on the bottom of the screen named 'Save report'.
* Click 'Save report'.
* Save the report to your desktop.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab


Uninstall MyWay and Need2Find via the Add/Remove panel.

Locate and delete the following:

C:\WINDOWS\z00096.exe
C:\Program Files\MyWaySA\
C:\WINDOWS\DH.dll
C:\Program Files\Need2Find\


Restart your computer. Post the logs for HijackThis and Ewido.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.

greyknight17 is offline  
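
Added example (not part of the original thread, and not code from HijackThis or from either poster): the follow-up log requested above can be checked mechanically against the entries marked for 'Fix Checked' and the files marked for deletion. The sample inputs are excerpts copied from the logs in this thread; the function names and the report categories are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Entry lines in a HijackThis log start with a section code such as R1, O2, O16.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    code: str           # section code, e.g. "O2"
    body: str           # rest of the line after "code - "
    file_missing: bool  # HijackThis appended "(file missing)"


def normalise(body):
    """Comparison key: drop the (file missing) marker, collapse spaces, lower-case."""
    return " ".join(body.replace(MISSING, "").split()).lower()


def parse_log(text):
    """Split a HijackThis log into (running process paths, registry/file entries)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line.lower() == "running processes:":
            in_procs = True
        elif match:
            in_procs = False
            entries.append(Entry(match["code"], match["body"], MISSING in line))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def check_fix(flagged_lines, delete_paths, followup_log):
    """Classify each flagged entry by what the follow-up log shows for it."""
    processes, entries = parse_log(followup_log)
    current = {(e.code, normalise(e.body)): e for e in entries}
    report = {"still_present": [], "orphaned": [], "gone": [], "still_running": []}
    for line in flagged_lines:
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        hit = current.get((match["code"], normalise(match["body"])))
        if hit is None:
            report["gone"].append(line.strip())
        elif hit.file_missing:
            # The file was deleted but the registry entry pointing at it remains.
            report["orphaned"].append(line.strip())
        else:
            report["still_present"].append(line.strip())
    running = [p.lower() for p in processes]
    for path in delete_paths:
        target = path.strip().lower()
        is_dir = target.endswith("\\")
        if any(p == target or (is_dir and p.startswith(target)) for p in running):
            report["still_running"].append(path.strip())
    return report


# Entries marked for 'Fix Checked' in post #3 (copied from the thread).
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
""".strip().splitlines()

# Files and folders post #3 asked to delete (copied from the thread).
DELETE_PATHS = r"""
C:\WINDOWS\z00096.exe
C:\Program Files\MyWaySA\
C:\WINDOWS\DH.dll
C:\Program Files\Need2Find\
""".strip().splitlines()

# Excerpt of the follow-up log from post #4 (lines copied from the thread).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\z00096.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
"""

if __name__ == "__main__":
    for status, items in check_fix(FLAGGED, DELETE_PATHS, FOLLOWUP_LOG).items():
        print(f"{status}: {len(items)}")
        for item in items:
            print("   ", item)
```

An entry reported as orphaned still needs 'Fix Checked', and a path reported as still running explains why the file could not be deleted outside Safe Mode.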
Old 12-13-2005, 06:21 PM   #4 (permalink)
Registered User
 
Join Date: Dec 2005
Posts: 69
OS: xp


I might have it

OK, I did everything, except I had to restart because I couldn't find HijackThis, so I had to restart and redownload. I don't know if I should redo everything, but here are the logs of HijackThis and Ewido. Again, thanks for all the help, I could never have done it alone. Also, I couldn't remove Need2Find and a couple of the files I was told to delete.
Logfile of HijackThis v1.99.1
Scan saved at 9:07:51 PM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\z00096.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\AMANDA~1\LOCALS~1\Temp\Rar$EX00.062\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: NETSCAPE - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: Aurigma Image Uploader 2.0 - http://www.photogize.com/PhotogizeImageUploader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (NETSCAPE) - http://downloads.netscape.com/search...r/netscape.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:53:44 PM, 12/13/2005
+ Report-Checksum: 911D50C9

+ Scan result:



Old 12-13-2005, 10:32 PM   #5 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,694
OS: N/A


Quote:
i couldnt find Hijackthis
That's because you're running it from WinRar. You're supposed to extract it to its own folder. HijackThis is able to create backups whenever it fixes any entry. These are stored in a subfolder called backups. As such, we advise against placing the program in any temporary folders. Please create a new directory, C:\Program Files\HijackThis\, and relocate the program & its associated files there. (Don't be lazy)

After you have done the above, have HijackThis fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab



Reboot to Safe Mode


* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *


Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:
  • MyWaySA
Please note any other programs that you don't recognize in that list in your next response.


* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of hidden files.
From Windows Explorer, go to Tools -> Folder Options -> View tab.
  • Tick - 'Show hidden files and folders'
  • Untick - 'Hide file extensions for known types'
  • Untick - 'Hide protected operating system files'
  • Click Yes to confirm & then click OK
Locate and delete the following files/folders: (let me know if you fail to find/delete any)
  • C:\WINDOWS\z00096.exe
  • C:\Program Files\MyWaySA\
  • C:\WINDOWS\DH.dll

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run CleanUp! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!


* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *


Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again, using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what's left.

It would produce a log called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  1. HiJackThis
  2. Online scan
  3. Antispyware.log
Please provide details of any problems you encountered whilst performing the above.
__________________

No offense intended. Any that was taken, is likely self-inflicted :p
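An added example, not part of sUBs's post and not HijackThis's own code: a small parser for the HijackThis 1.99.1 entry lines quoted in this thread, which queues entries carrying the `(file missing)` or `(no name)` markers for manual review. The flag names and the review heuristic are assumptions made for illustration; the sample lines are copied from the logs in this thread, and Spybot's SDHelper.dll is included because it also logs as `(no name)`, so a flag is a reason to look at an entry and not a verdict on it.

```python
import re
from collections import namedtuple

# Section codes as they appear in this thread's HijackThis 1.99.1 logs.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O8": "IE context-menu item",
    "O9": "IE extra button/menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O20": "Winlogon Notify",
    "O23": "NT service",
}

# An entry line is "<code> - <body>"; process paths and headers do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)

Entry = namedtuple("Entry", "code section clsid body flags")


def parse_line(line):
    """Return an Entry for a HijackThis entry line, or None for anything else."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    code, body = match.group("code"), match.group("body")
    clsid = CLSID_RE.search(body)
    flags = []
    # Registry entry still present although the file it points to is gone.
    if "(file missing)" in body:
        flags.append("file-missing")
    # COM object registered without a friendly name (hypothetical flag name).
    if "(no name)" in body:
        flags.append("no-name")
    return Entry(
        code,
        SECTIONS.get(code, "other"),
        clsid.group(0).upper() if clsid else None,
        body,
        tuple(flags),
    )


def parse_log(text):
    """Parse a whole pasted log, skipping headers and the process list."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def review_queue(entries):
    """Entries that carry at least one flag, in log order."""
    return [e for e in entries if e.flags]


# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for entry in review_queue(parse_log(SAMPLE_LOG)):
        print(f"{entry.code:<4}{entry.section:<28}{','.join(entry.flags):<22}{entry.clsid}")
```
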
Old 12-14-2005, 05:57 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2005
Posts: 69
OS: xp


maybe now?

OK, I had a few problems: I couldn't find all of the HijackThis files, MyWay wouldn't uninstall, and C:\WINDOWS\DH.dll wasn't there but dh.ini was. I wasn't sure if I should delete it, so I left it alone. Besides that, everything else was OK. Here are the files:
Logfile of HijackThis v1.99.1
Scan saved at 8:55:06 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: NETSCAPE - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: Aurigma Image Uploader 2.0 - http://www.photogize.com/PhotogizeImageUploader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (NETSCAPE) - http://downloads.netscape.com/search...r/netscape.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, December 14, 2005 20:01:35
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/12/2005
Kaspersky Anti-Virus database records: 165201
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 68409
Number of viruses found: 41
Number of infected objects: 146
Number of suspicious objects: 0
Duration of the scan process: 3841 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087130.exe Infected: Trojan-Downloader.Win32.Small.cam
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087134.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.s
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087135.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087136.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087137.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087138.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087139.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087140.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087141.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087142.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087143.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087144.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087145.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087146.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087147.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087148.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087149.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087150.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087151.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0087152.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088124.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088129.cpl Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088131.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088132.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088133.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088134.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088136.exe Infected: Trojan.Win32.VB.afn
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088137.exe Infected: not-a-virus:AdWare.Win32.CommAd.a
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088139.exe Infected: Trojan-Downloader.Win32.Small.buy
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088140.exe Infected: Trojan-Downloader.Win32.VB.ri
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088141.exe Infected: Trojan.Win32.StartPage.aw
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088142.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088143.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088144.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088146.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088147.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088148.dll Infected: not-a-virus:AdWare.Win32.Sud.a
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088149.exe Infected: Trojan-Downloader.Win32.Small.cam
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088155.exe Infected: Backdoor.Win32.SdBot.aad
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088156.exe Infected: Backdoor.Win32.SdBot.aad
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0088157.dll Infected: not-a-virus:AdWare.Win32.CommAd.a
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP367\A0088318.exe Infected: not-a-virus:AdWare.Win32.WinAD.bo
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP367\A0088319.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP367\A0088321.dll Infected: not-a-virus:AdWare.Win32.MyWay.v
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP367\A0088322.exe Infected: Trojan-Proxy.Win32.Ranky.db
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP367\A0088323.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP367\A0088324.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP367\A0088325.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP367\A0088326.dll Infected: not-a-virus:AdWare.Win32.MediaBack.a

Scan process completed.
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Tue Dec 13 21:05:23 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Wed Dec 14 18:47:39 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
IE Downloaded Program Files: Found 'CKAVWebScan Object' in 'C:\WINDOWS\Downloaded Program Files\kavwebscan.inf'
--------------------------------- Anti-Spyware session ended ---------------------------------

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Wed Dec 14 20:02:39 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Internet Cookies
Internet Cookies: Cleaned '2o7.net' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'edge.ru4.com' in 'Internet Explorer Cache'
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Files and Directories: Found '' in 'C:\Program Files\Kazaa'
Files and Directories: Found 'account0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'account1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'account2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but0_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but0_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but12_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but12_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but13_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but13_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but14_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but14_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but16_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but16_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but17_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but17_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but18_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but18_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but20_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but20_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but21_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but21_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but22_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but22_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but23_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but23_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but24_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but24_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but25_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but25_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but37_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but37_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but38_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but38_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but3_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but3_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but44_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but44_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'But48_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'But48_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but51_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but51_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but52_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but52_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but55_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but55_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but56_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but56_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'But57_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'But57_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but58_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'But58_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'But59_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'But59_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but5_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but5_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'But60_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'But60_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but61_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'but61_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_BD0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_BD1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_confirm0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_confirm1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_hist0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_hist1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_Mail0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_Mail1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_Policy0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_Policy1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_req0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_req1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_Reverse0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_Reverse1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_submit0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_submit1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cash_submit2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cc_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cc_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'clear0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'clear1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'convert0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'convert1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'convert2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'CVCHelp0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'CVCHelp1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'CVCHelp2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cvv2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'cvv2_Dis.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'Depfont0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'Depfont1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'depositby.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'empty_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'empty_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'Fax0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'fax1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'GoBack0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'GoBack1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'Lower_Or.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'phone0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'phone1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'Secured.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'statics.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'submit0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'submit1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'TitleSub.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'title_cashoutHistory.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'title_CashoutPolicy.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'title_CashReq.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'Title_Point.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'Title_ReverseBankroll.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Found 'name_font.bmp' in 'C:\Program Files\PacificPoker\media'
Files and Directories: Found 'Shared_.dll' in 'C:\Program Files\PacificPoker'
Files and Directories: Found 'SoundDrv.dll' in 'C:\Program Files\PacificPoker\Utils'
Files and Directories: Found '' in 'C:\Program Files\StreamCast'
Files and Directories: Found '' in 'C:\Program Files\StreamCast\Morpheus'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Files and Directories: Cleaned 'bdupd.dll' in 'C:\Program Files\Kazaa\BGP2P'
Files and Directories: Cleaned 'ace.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'adsntfs.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'alz.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'arc.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'arj.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'bach.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'bzip2.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'cab.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'cevakrnl.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'cevakrnl.ivd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'cevakrnl.rvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'cevakrnl.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'ceva_dll.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'ceva_emu.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'ceva_vfs.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'chm.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'cpio.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'cran.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'cran.ivd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'cran.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'dbx.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'docfile.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'emalware.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'emalware.ivd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'emalware.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'epoc.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'gzip.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'ha.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'hlp.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'hpe.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'hpe.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'hqx.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'html.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'imp.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'inno.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'instyler.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'iso.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'java.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'java.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'jpeg.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'lha.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'lnk.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'mbox.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'mbx.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'mdx.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'mdx_97.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'mdx_97.ivd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'mdx_w95.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'mdx_x95.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'mdx_xf.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'mime.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'mso.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'na.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'na.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'nelf.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'nelf.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'nsis.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'objd.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'pdf.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'pst.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'rar.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'rpm.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'rtf.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'rup.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'rup.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'sdx.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'sdx.ivd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'sdx.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'sfx.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'swf.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'tar.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'td0.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'thebat.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'tnef.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'unpack.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'unpack.ivd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'unpack.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'update.txt' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'uudecode.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 've.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 've.ivd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 've.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'vedata.cvd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'viza.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'wise.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'xishield.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'z.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'zip.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'zoo.xmd' in 'C:\Program Files\Kazaa\BGP2P\plugins'
Files and Directories: Cleaned 'plugins.htm' in 'C:\Program Files\Kazaa\BGP2P'
Files and Directories: Cleaned 'versions.dat' in 'C:\Program Files\Kazaa\BGP2P'
Files and Directories: Cleaned '{506DF6E9-C294-5A40-15E4-C35C4D0EB8F5}' in 'C:\Program Files\Kazaa\data'
Files and Directories: Cleaned '{587A55DA-614A-F95E-5CD6-AEDE4014E970}' in 'C:\Program Files\Kazaa\data'
Files and Directories: Cleaned '{5A2155EC-ADD0-0E6E-3F0F-A87E65E2C180}' in 'C:\Program Files\Kazaa\data'
Files and Directories: Cleaned '{617A448E-7E25-26AB-672E-E647C5361A0B}' in 'C:\Program Files\Kazaa\data'
Files and Directories: Cleaned 'ctx4-050823.cab' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'data1024.dbb' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'data256.dbb' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'k7tqkgkk_tssv125.dat' in 'C:\Program Files\Kazaa\Db'
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in startup areas.
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in Add/Remove Programs.
Add/Remove Programs: Found 'AOL Deskbar' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'AOL Toolbar' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'AolCoach2_en' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'CleanUp!' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Dell Digital Jukebox Driver' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Dell Photo Printer 720' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'DellSupport' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'DH' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'dlatray.exe' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'DocsToGo300 Uninstall' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'ewidosecuritysuite' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Freeze Clip Art' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'GameSpy Arcade' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Handmark® Oxford American Desk Dictionary and Thesaurus for Palm OS' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'HijackThis' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Intel(R) 537EP V9x DF PCI Modem' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'InterActual Player' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Kaspersky On-line Scanner' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB834707' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB867282' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB873333' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB873339' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB883939' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB885250' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB885835' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB885836' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB886185' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB887472' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB887742' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB888113' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB888302' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB888310' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB890046' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB890047' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB890175' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB890859' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB890923' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB891781' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB893066' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB893086' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB893756' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB893803' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB893803v2' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB894391' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB896358' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB896422' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB896423' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB896424' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB896428' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB896688' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB898458' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB898461' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB899587' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB899591' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB900725' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB901017' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB901214' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB902400' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB903235' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB904706' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB905414' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'KB905749' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'M886903' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Macromedia Shockwave Player' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Mcafee SecurityCenter' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Microsoft .NET Framework 1.1 (1033)' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Microsoft Interactive Training' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'MusicNet on AOL' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'MyWaySearchAssistantDE' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'NVIDIA Drivers' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Pacific Poker' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'PartyPoker' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'PCHealth' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'PROSet' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'QuickTime' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Radio@Netscape' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'RealJukebox 1.0' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'RealPlayer 6.0' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'RecordNow.exe' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'ResChanger20043.0' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'SGTRAY.EXE' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'slideshow_800x600' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Spybot - Search & Destroy_is1' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'ST6UNST #1' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Trivial Pursuit® Handheld Edition for Palm OS' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'ViewpointMediaPlayer' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'VirusScan Online' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Weather Services' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Windows Media Format Runtime' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Windows Media Player' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'WinRAR archiver' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Yahoo! Anti-Spy' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Yahoo! Companion' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Yahoo! Customizations' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found 'Yahoo! Messenger' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{048298C9-A4D3-490B-9FF9-AB023A9238F3}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{09DA4F91-2A09-4232-AB8C-6BC740096DE3}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{0F756CD9-4A1E-409B-B101-601DDC4C03AA}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{2637C347-9DAD-11D6-9EA2-00055D0CA761}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{30BB4D60-81DB-11D5-BB77-00400536ABAC}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{319D9385-EEC1-4ae5-BFD1-C5DE1E063F30}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{33BB4982-DC52-4886-A03B-F4C5C80BEE89}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{352310C3-E46B-42D3-8F32-54721FDD72D9}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{35BDEFF1-A610-4956-A00D-15453C116395}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{3AC83D91-35E2-1A44-5121-943F0D5A2E00}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{3F92ABBB-6BBF-11D5-B229-002078017FBF}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{403EF592-953B-4794-BCEF-ECAB835C2095}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{40C03514-89C3-41BA-0090-3B440256DB87}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{45EBDA59-D33B-433A-956E-B2F236468B56}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{536F7C74-844B-4683-B0C5-EA39E19A6FE3}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{5905F42D-3F5F-4916-ADA6-94A3646AEE76}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{7148F0A8-6813-11D6-A77B-00B0D0142030}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{7A3F0566-5E05-4919-9C98-456F6B5CF831}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{7C503E58-B2BC-11D5-978A-0050BA84F5F7}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{7F142D56-3326-11D5-B229-002078017FBF}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{81A34902-9D0B-4920-A25C-4CDC5D14B328}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{8A708DD8-A5E6-11D4-A706-000629E95E20}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{90110409-6000-11D3-8CFE-0150048383C9}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{9541FED0-327F-4DF0-8B96-EF57EF622F19}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{AC76BA86-0000-0000-0000-6028747ADE01}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{AC76BA86-7AD7-1033-7B44-A00000000001}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{AF19F291-F22F-4798-9662-525305AE9E48}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{BA0F44C2-A883-11D1-AD0A-006097D15E2C}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{D45EC259-4A19-4656-B588-C2C360DD18EA}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{E93E5EF6-D361-481E-849D-F16EF5C78EBC}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{F0A37341-D692-11D4-A984-009027EC0A9C}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Files and Directories: Cleaned 'np.tmp' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'ova4-050823.cab' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'tsi4-050801a.cab' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'tsi4-050801b.cab' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'tss4.cab' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'chasey01.ksa' in 'C:\Program Files\Kazaa\My Search Agents'
Files and Directories: Cleaned '' in 'C:\Program Files\Kazaa'
Files and Directories: Cleaned 'account0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'account1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'account2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but0_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but0_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but12_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but12_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but13_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but13_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but14_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but14_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but16_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but16_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but17_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but17_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but18_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but18_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but20_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but20_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but21_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but21_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but22_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but22_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but23_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but23_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but24_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but24_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but25_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but25_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but37_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but37_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but38_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but38_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but3_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but3_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but44_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but44_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But48_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But48_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but51_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but51_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but52_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but52_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but55_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but55_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but56_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but56_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But57_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But57_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but58_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But58_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But59_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But59_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but5_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but5_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But60_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But60_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but61_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but61_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_BD0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_BD1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_confirm0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_confirm1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_hist0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_hist1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_Mail0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_Mail1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_Policy0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_Policy1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_req0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_req1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_Reverse0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_Reverse1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_submit0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_submit1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_submit2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cc_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cc_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'clear0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'clear1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'convert0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'convert1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'convert2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'CVCHelp0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'CVCHelp1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'CVCHelp2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cvv2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cvv2_Dis.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Depfont0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Depfont1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'depositby.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'empty_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'empty_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Fax0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'fax1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'GoBack0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'GoBack1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Lower_Or.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'phone0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'phone1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Secured.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'statics.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'submit0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'submit1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'TitleSub.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'title_cashoutHistory.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'title_CashoutPolicy.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'title_CashReq.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Title_Point.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Title_ReverseBankroll.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'name_font.bmp' in 'C:\Program Files\PacificPoker\media'
Files and Directories: Cleaned 'Shared_.dll' in 'C:\Program Files\PacificPoker'
Files and Directories: Cleaned 'SoundDrv.dll' in 'C:\Program Files\PacificPoker\Utils'
Finished Cleaning
--------------------------------- Anti-Spyware session ended ---------------------------------

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Wed Dec 14 20:18:49 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Internet Cookies
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Windows Registry: Found '' in 'CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}'
Windows Registry: Found '' in 'Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}'
Windows Registry: Found '' in 'TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}'
Windows Registry: Found '' in 'Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}'
Windows Registry: Found '' in 'CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}'
Windows Registry: Found '' in 'cpbrkpie.Coupon6Ctrl.1'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}'
Windows Registry: Found '' in 'SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1'
Windows Registry: Found '' in 'S-1-5-21-3193893-305785531-3233724115-1006\Software\VHLD'
Internet URL Shortcuts
Files and Directories
Files and Directories: Found '' in 'C:\Program Files\StreamCast'
Files and Directories: Found '' in 'C:\Program Files\StreamCast\Morpheus'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Windows Registry: Cleaned '' in 'CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}'
Windows Registry: Cleaned '' in 'Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}'
Windows Registry: Cleaned '' in 'TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}'
Windows Registry: Cleaned '' in 'Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}'
Windows Registry: Cleaned '' in 'CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}'
Windows Registry: Cleaned '' in 'cpbrkpie.Coupon6Ctrl.1'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1'
Windows Registry: Cleaned '' in 'S-1-5-21-3193893-305785531-3233724115-1006\Software\VHLD'
Finished Cleaning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Wed Dec 14 20:38:39 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Internet Cookies
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Files and Directories: Found '' in 'C:\Program Files\StreamCast'
Files and Directories: Found '' in 'C:\Program Files\StreamCast\Morpheus'
Finished Scanning
OK, that's all three. Hopefully it's all fixed, and I appreciate the help a lot.
JimmyJammy is offline  
Old 12-15-2005, 02:20 PM   #7 (permalink)
Registered User
 
Join Date: Dec 2005
Posts: 69
OS: xp


OK, so far I haven't had any popups, but I have noticed that a lot of pictures aren't coming up on websites. I don't know if this was caused by something that I have done or if it can be repaired, but at least there are no popups. I appreciate all of the help.
JimmyJammy is offline  
Old 12-16-2005, 12:25 AM   #8 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Please run the Trend Micro scan again and post the log. I need to see what's left in the entries.
MicroBell is offline  
Old 12-16-2005, 02:43 PM   #9 (permalink)
Registered User
 
Join Date: Dec 2005
Posts: 69
OS: xp


ok

Here is the Trend Micro spyware log:
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Tue Dec 13 21:05:23 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Wed Dec 14 18:47:39 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
IE Downloaded Program Files: Found 'CKAVWebScan Object' in 'C:\WINDOWS\Downloaded Program Files\kavwebscan.inf'
--------------------------------- Anti-Spyware session ended ---------------------------------

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Wed Dec 14 20:02:39 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Internet Cookies
Internet Cookies: Cleaned '2o7.net' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'edge.ru4.com' in 'Internet Explorer Cache'
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in startup areas.
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in Add/Remove Programs.
Add/Remove Programs: Found '{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{D45EC259-4A19-4656-B588-C2C360DD18EA}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{E93E5EF6-D361-481E-849D-F16EF5C78EBC}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Add/Remove Programs: Found '{F0A37341-D692-11D4-A984-009027EC0A9C}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Files and Directories: Cleaned 'np.tmp' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'ova4-050823.cab' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'tsi4-050801a.cab' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'tsi4-050801b.cab' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'tss4.cab' in 'C:\Program Files\Kazaa\Db'
Files and Directories: Cleaned 'chasey01.ksa' in 'C:\Program Files\Kazaa\My Search Agents'
Files and Directories: Cleaned '' in 'C:\Program Files\Kazaa'
Files and Directories: Cleaned 'account0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'account1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'account2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but0_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but0_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but12_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but12_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but13_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but13_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but14_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but14_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but16_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but16_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but17_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but17_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but18_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but18_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but20_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but20_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but21_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but21_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but22_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but22_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but23_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but23_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but24_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but24_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but25_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but25_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but37_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but37_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but38_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but38_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but3_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but3_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but44_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but44_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But48_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But48_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but51_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but51_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but52_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but52_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but55_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but55_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but56_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but56_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But57_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But57_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but58_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But58_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But59_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But59_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but5_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but5_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But60_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'But60_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but61_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'but61_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_BD0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_BD1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_confirm0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_confirm1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_hist0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_hist1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_Mail0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_Mail1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_Policy0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_Policy1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_req0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_req1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_Reverse0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_Reverse1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_submit0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_submit1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cash_submit2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cc_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cc_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'clear0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'clear1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'convert0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'convert1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'convert2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'CVCHelp0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'CVCHelp1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'CVCHelp2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cvv2.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'cvv2_Dis.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Depfont0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Depfont1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'depositby.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'empty_0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'empty_1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Fax0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'fax1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'GoBack0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'GoBack1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Lower_Or.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'phone0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'phone1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Secured.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'statics.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'submit0.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'submit1.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'TitleSub.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'title_cashoutHistory.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'title_CashoutPolicy.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'title_CashReq.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Title_Point.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'Title_ReverseBankroll.bmp' in 'C:\Program Files\PacificPoker\Cash\media'
Files and Directories: Cleaned 'name_font.bmp' in 'C:\Program Files\PacificPoker\media'
Files and Directories: Cleaned 'Shared_.dll' in 'C:\Program Files\PacificPoker'
Files and Directories: Cleaned 'SoundDrv.dll' in 'C:\Program Files\PacificPoker\Utils'
Finished Cleaning
--------------------------------- Anti-Spyware session ended ---------------------------------

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Wed Dec 14 20:18:49 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Internet Cookies
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Windows Registry: Found '' in 'CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}'
Windows Registry: Found '' in 'Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}'
Windows Registry: Found '' in 'TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}'
Windows Registry: Found '' in 'Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}'
Windows Registry: Found '' in 'CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}'
Windows Registry: Found '' in 'cpbrkpie.Coupon6Ctrl.1'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}'
Windows Registry: Found '' in 'SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1'
Windows Registry: Found '' in 'S-1-5-21-3193893-305785531-3233724115-1006\Software\VHLD'
Internet URL Shortcuts
Files and Directories
Files and Directories: Found '' in 'C:\Program Files\StreamCast'
Files and Directories: Found '' in 'C:\Program Files\StreamCast\Morpheus'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Windows Registry: Cleaned '' in 'CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}'
Windows Registry: Cleaned '' in 'Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}'
Windows Registry: Cleaned '' in 'TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}'
Windows Registry: Cleaned '' in 'Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}'
Windows Registry: Cleaned '' in 'CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}'
Windows Registry: Cleaned '' in 'cpbrkpie.Coupon6Ctrl.1'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1'
Windows Registry: Cleaned '' in 'S-1-5-21-3193893-305785531-3233724115-1006\Software\VHLD'
Finished Cleaning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Wed Dec 14 20:38:39 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Internet Cookies
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Files and Directories: Found '' in 'C:\Program Files\StreamCast'
Files and Directories: Found '' in 'C:\Program Files\StreamCast\Morpheus'
Finished Scanning
Windows Shell Settings: Found '{21569614-B795-46b1-85F4-E737A8DC09AD}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Started Backup
Finished Backup
Started Cleaning
Windows Shell Settings: Cleaned '{21569614-B795-46b1-85F4-E737A8DC09AD}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Finished Cleaning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Thu Dec 15 16:44:28 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Thu Dec 15 20:51:23 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cookies' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Cleaned 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=FAMILYCOMP
Time=Fri Dec 16 17:28:35 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Internet Cookies
Internet Cookies: Cleaned '2o7.net' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'edge.ru4.com' in 'Internet Explorer Cache'
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Files and Directories: Found '' in 'C:\Program Files\StreamCast'
Files and Directories: Found '' in 'C:\Program Files\StreamCast\Morpheus'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning
JimmyJammy is offline  
Old 12-16-2005, 05:43 PM   #10 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Hummm..something is amiss....

Post another set of Panda and Ewido logs. I also need you to open HijackThis, then click Misc Tools >> Open Uninstall Manager. Once it loads, click on Save list and post that log here.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
Old 12-17-2005, 09:44 AM   #11 (permalink)
Registered User
 
Join Date: Dec 2005
Posts: 69
OS: xp


OK, last night MS AntiSpyware detected 2 new programs, Dealhelper and Small136. They were both removed. Here are my ewido scan and Panda scan:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:52:36 AM, 12/17/2005
+ Report-Checksum: 5D0774BF

+ Scan result:

C:\Documents and Settings\Amanda Owens\Cookies\amanda owens@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Amanda Owens\Cookies\amanda owens@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Amanda Owens\Cookies\amanda owens@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup


::Report End

Incident Status Location

Adware:adware/popupsandbanners Not disinfected C:\WINDOWS\teller2.chk
Adware:adware/searchresults Not disinfected C:\PROGRAM FILES\QL
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/secure32 Not disinfected C:\WINDOWS\system32\drivers\etc\hosts
Adware:Adware/CommAd Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E0B33C20-C00E-451D-804F-F28672\EA7E045A-8E0E-487D-BF58-A67D1C
Virus:Trj/Downloader.GPB Not disinfected C:\WINDOWS\SYSTEM32\04cg896m.dll

Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Adobe® Photoshop® Album Starter Edition 3.0
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar 2.0
CleanUp!
Content Scanner
Contextual Tool
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Photo Printer 720
Dell Support 5.0.0 (630)
DH
Documents To Go 3.00
Doom 3
EarthLink setup files
ewido security suite
Freeze Clip Art
GameSpy Arcade
Get High Speed Internet!
Half-Life(R) 2
Handmark® Oxford American Desk Dictionary and Thesaurus for Palm OS
HijackThis 1.99.1
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
InterActual Player
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky On-line Scanner
Macromedia Shockwave Player
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works 7.0
Modem Event Monitor
Modem Helper
Modem On Hold
Musicmatch for Windows Media Player
MUSICMATCH® Jukebox
MusicNet@AOL
My Way Search Assistant
NetZeroInstallers
Neverwinter Nights
NVIDIA Drivers
OLYMPUS CAMEDIA Master 4.2
Pacific Poker
Palm Desktop
Panda ActiveScan
PartyPoker
PowerDVD
Qualxserve Service Agreement
QuickTime
Radio@Netscape
RealPlayer
ResChanger2004
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
slideshow_800x600 Screen Saver
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spy Sweeper
Spybot - Search & Destroy 1.4
Steam(TM)
The Sims 2
Trend Micro Anti-Spyware
Trivial Pursuit® Handheld Edition for Palm OS
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Media Player
Weather Services
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WordPerfect Office 12
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Messenger
Yahoo! Toolbar

Last edited by JimmyJammy; 12-17-2005 at 09:47 AM.
JimmyJammy is offline  
Old 12-17-2005, 02:25 PM   #12 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Download L2mfix from one of these two locations:

http://www.downloads.subratam.org/l2mfix.exe
http://www.atribune.org/downloads/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
MicroBell is offline  
Old 12-17-2005, 06:43 PM   #13 (permalink)
Registered User
 
Join Date: Dec 2005
Posts: 69
OS: xp


ok here is the log
L2MFIX find log 121605
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F8880868-9875-9FCB-D47E-4871F943F54D}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{27B297A0-A873-44D5-8CEE-7D3173551B67}"=""
"{58EF6560-EBA0-47B1-B71E-4C58B2B95E8F}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{D9CA96EA-3775-440D-ACA3-AADF44B726B9}"=""
"{6E7B872D-E288-4D93-860D-1A4ACE5E673A}"=""
"{B1952B6C-9641-4743-B31C-3DBFD930D322}"=""
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"="Trend Micro Anti-Spyware Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{27B297A0-A873-44D5-8CEE-7D3173551B67}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{27B297A0-A873-44D5-8CEE-7D3173551B67}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{27B297A0-A873-44D5-8CEE-7D3173551B67}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{27B297A0-A873-44D5-8CEE-7D3173551B67}\InprocServer32]
@="C:\\WINDOWS\\system32\\lqfil11n.DLL"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
04cg896m.dll Wed Nov 30 2005 7:32:00p A.... 38,400 37.50 K
archlib.dll Wed Oct 12 2005 10:10:16p A.S.. 180,224 176.00 K
browseui.dll Wed Nov 23 2005 834p A.... 1,022,464 998.50 K
cdfview.dll Thu Oct 20 2005 10:39:26p A.... 151,040 147.50 K
danim.dll Fri Nov 4 2005 10:16:24p A.... 1,054,208 1.00 M
dxtrans.dll Thu Oct 20 2005 10:39:28p A.... 205,312 200.50 K
esent.dll Thu Oct 20 2005 5:20:04p A.... 1,082,368 1.03 M
extmgr.dll Thu Oct 20 2005 10:39:28p A.... 55,808 54.50 K
gccoll~1.dll Tue Nov 15 2005 12:12:08p A.... 126,680 123.71 K
gcunco~1.dll Tue Nov 15 2005 12:12:06p A.... 95,448 93.21 K
gdi32.dll Wed Oct 5 2005 10:09:36p A.... 280,064 273.50 K
gwfspi~1.dll Fri Nov 4 2005 4:27:18p A.... 23,304 22.76 K
hashlib.dll Tue Nov 15 2005 12:12:08p A.... 117,976 115.21 K
iepeers.dll Thu Oct 20 2005 10:39:28p A.... 251,392 245.50 K
inseng.dll Thu Oct 20 2005 10:39:28p A.... 96,256 94.00 K
islzma.dll Fri Oct 21 2005 3:50:14p A.... 102,912 100.50 K
legitc~1.dll Fri Nov 4 2005 4:27:24p A.... 534,280 521.76 K
mcinsctl.dll Tue Oct 18 2005 11:08:04a A.... 349,760 341.56 K
mshtml.dll Wed Nov 23 2005 834p A.... 3,015,680 2.88 M
mshtmled.dll Thu Oct 20 2005 10:39:30p A.... 448,512 438.00 K
msrating.dll Thu Oct 20 2005 10:39:30p A.... 146,432 143.00 K
mstime.dll Thu Oct 20 2005 10:39:30p A.... 530,944 518.50 K
pngfilt.dll Thu Oct 20 2005 10:39:30p A.... 39,424 38.50 K
shdocvw.dll Wed Nov 30 2005 10:59:30p A.... 1,492,480 1.42 M
shell32.dll Thu Sep 22 2005 10:05:30p A.... 8,450,560 8.06 M
shlwapi.dll Thu Oct 20 2005 10:39:30p A.... 473,600 462.50 K
spmsg.dll Wed Oct 12 2005 6:12:26p ..... 14,048 13.72 K
sys_dll.dll Mon Dec 5 2005 6:00:22p A.... 0 0.00 K
urlmon.dll Fri Nov 4 2005 10:16:28p A.... 609,280 595.00 K
wininet.dll Thu Oct 20 2005 10:39:30p A.... 658,432 643.00 K
wrlogo~1.dll Mon Oct 24 2005 12:20:36p A.... 492,544 481.00 K
wrlzma.dll Mon Oct 24 2005 12:20:32p A.... 17,920 17.50 K

32 items found: 32 files (1 H/S), 0 directories.
Total of file sizes: 22,157,752 bytes 21.13 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is C01A-C059

Directory of C:\WINDOWS\System32

11/08/2005 11:20 AM 4,184 KGyGaAvL.sys
11/08/2005 11:20 AM 56 9F91BB2B48.sys
10/12/2005 10:10 PM 180,224 archlib.dll
09/11/2005 09:00 AM <DIR> DLLCACHE
12/03/2004 01:26 AM <DIR> Microsoft
3 File(s) 184,464 bytes
2 Dir(s) 126,213,058,560 bytes free
JimmyJammy is offline  
Old 12-18-2005, 02:32 AM   #14 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Download KillBox http://www.bleepingcomputer.com/file...re/KillBox.zip

Download Hoster http://www.greyknight17.com/spy/Hoster.exe

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Open add/remove programs and remove the following IF listed.

DH
Freeze Clip Art
My Way Search Assistant
Viewpoint Media Player


Click START…RUN…Type in regedit. Make sure just “My Computer” is showing in the left pane and click..FILE….EXPORT…and save a copy somewhere in case you make a mistake. Now navigate to each of the following keys and delete the file/folder/entry I highlighted in RED.


HKEY_CLASSES_ROOT\CLSID\{27B297A0-A873-44D5-8CEE-7D3173551B67}

Close regedit

Run the Hoster program and select "Restore Original Hosts File"


Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.

C:\WINDOWS\teller2.chk
C:\PROGRAM FILES\QL
C:\WINDOWS\SYSTEM32\04cg896m.dll
C:\WINDOWS\system32\lqfil11n.DLL


Once you reboot..post another Panda scan and let me know how things are running.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
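The registry export posted earlier in the thread stores several Winlogon Notify `DllName` values as `hex(2)` byte lists and lists approved shell extensions by CLSID, some with an empty description. The Python below is an added example, not part of any post in this thread: it parses a constructed excerpt of that export (lines copied from the log), decodes the `hex(2)` values, and resolves each unnamed approved extension to its `InprocServer32` DLL. All function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the registry export posted in the thread.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"DllName"="WRLogonNTF.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{27B297A0-A873-44D5-8CEE-7D3173551B67}"=""
"{58EF6560-EBA0-47B1-B71E-4C58B2B95E8F}"=""

[HKEY_CLASSES_ROOT\CLSID\{27B297A0-A873-44D5-8CEE-7D3173551B67}\InprocServer32]
@="C:\\WINDOWS\\system32\\lqfil11n.DLL"
"ThreadingModel"="Apartment"
'''

APPROVED = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
NOTIFY = r'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', re.S)


def decode_value(raw):
    """Decode one .reg value: quoted string, dword, or hex / hex(N) byte list."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])       # undo \\ and \" escapes
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'hex(?:\((\w+)\))?:(.*)$', raw, re.S)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        if m.group(1) in ('1', '2'):                    # REG_SZ / REG_EXPAND_SZ
            return data.decode('utf-16-le').rstrip('\x00')
        return data
    return raw


def parse_reg(text):
    """Return {key path: {lower-cased value name: decoded value}}."""
    keys, current, pending = {}, None, ''
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ''
        if line.endswith('\\'):                         # hex data continues on next line
            pending = line[:-1]
            continue
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1).strip('"').lower()] = decode_value(m.group(2))
    return keys


def _get(keys, path):
    """Case-insensitive key lookup (registry paths are not case-sensitive)."""
    for p, vals in keys.items():
        if p.upper() == path.upper():
            return vals
    return {}


def notify_dlls(keys):
    """Map each Winlogon Notify subkey to the DLL it loads."""
    prefix = NOTIFY.upper() + '\\'
    return {p[len(prefix):]: v.get('dllname')
            for p, v in keys.items() if p.upper().startswith(prefix)}


def unnamed_shell_extensions(keys):
    """Approved shell extensions with an empty description -> InprocServer32 DLL
    (None when the export does not contain the CLSID key)."""
    found = {}
    for guid, desc in _get(keys, APPROVED).items():
        if desc == '':
            server = _get(keys, 'HKEY_CLASSES_ROOT\\CLSID\\' + guid + '\\InprocServer32')
            found[guid.upper()] = server.get('@')
    return found


if __name__ == '__main__':
    parsed = parse_reg(SAMPLE_REG)
    for name, dll in notify_dlls(parsed).items():
        print('Notify', name, '->', dll)
    for guid, dll in unnamed_shell_extensions(parsed).items():
        print('Unnamed shell extension', guid, '->', dll or '(no CLSID key in export)')
```

An empty description is only a triage lead: the log lists several unnamed CLSIDs, and the file behind each DLL path still has to be checked before anything is deleted.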
Old 12-18-2005, 01:01 PM   #15 (permalink)
Registered User
 
Join Date: Dec 2005
Posts: 69
OS: xp


Ok so I did everything from previous post but I still cannot uninstall mywaysearch assistant. Here are the panda scan results

Incident                          Status            Location

Adware:adware/popupsandbanners    Not disinfected   C:\WINDOWS\timessquare1.dat
Adware:adware/searchresults       Not disinfected   C:\PROGRAM FILES\QL
Adware:adware/savenow             Not disinfected   Windows Registry
Virus:Trj/Downloader.GPB          Not disinfected   C:\!KillBox\04cg896m.dll
Adware:Adware/CommAd              Not disinfected   C:\Program Files\Microsoft AntiSpyware\Quarantine\E0B33C20-C00E-451D-804F-F28672\EA7E045A-8E0E-487D-BF58-A67D1C
JimmyJammy is offline  
Old 12-18-2005, 01:07 PM   #16 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,694
OS: N/A


Download & run this file - DellMyWaySearchAssistantUninstaller.exe


* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *


Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:
  • Hyperlinker / QL
Please note any other programs that you don't recognize in that list in your next response


* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.
  • Tick - 'Show hidden files and folder'
  • Untick - 'Hide file extensions for known types'
  • Untick - 'Hide protected operating system files'
  • Click Yes to confirm & then click OK
Locate and delete the following files/folders: (let me know if you fail to find/delete any)
  • C:\WINDOWS\timessquare1.dat
  • C:\PROGRAM FILES\QL

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.


Post a new HJT log & let me know how everything went.
Do you still have any more issues with your machine?
__________________

No offense intended. Any that was taken, is likely self-inflicted :p
sUBs is offline  
Old 12-18-2005, 04:22 PM   #17 (permalink)
Registered User
 
Join Date: Dec 2005
Posts: 69
OS: xp


ok I could not find Hyperlinker / QL to uninstall but here is my hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 7:19:34 PM, on 12/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\program files\valve\steam\steam.exe
c:\program files\mcafee.com\shared\mghtml.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: NETSCAPE - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: Aurigma Image Uploader 2.0 - http://www.photogize.com/PhotogizeImageUploader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (NETSCAPE) - http://downloads.netscape.com/search...r/netscape.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
JimmyJammy is offline  
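A triage pass over HijackThis entries like the ones in the log above, as an added example that is not part of the original thread. The three review rules and their hint wording are assumptions chosen for illustration, not HijackThis features, and a hint is only a reason to look at an entry by hand.

```python
import re

# Five entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
NOTE_RE = re.compile(r"\s*\((file missing|HKCU)\)$")
BARE_CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_line(line):
    """Split one 'O<n> - <kind>: a - b - target (notes)' entry into parts."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    fields = rest.split(" - ")
    target, notes = fields.pop(), []
    # Peel trailing annotations such as "(file missing) (HKCU)" off the target.
    while (n := NOTE_RE.search(target)):
        notes.insert(0, n.group(1))
        target = target[:n.start()]
    return {"section": section, "kind": kind, "fields": fields,
            "target": target, "notes": notes}

def review_hints(entry):
    """Return reasons to inspect an entry manually; these are not verdicts."""
    hints, fields = [], entry["fields"]
    if "file missing" in entry["notes"]:
        hints.append("target file missing (orphaned entry)")
    if entry["section"] == "O23" and "Unknown owner" in fields:
        hints.append("service with no vendor name reported")
    if entry["section"] == "O16" and fields and BARE_CLSID_RE.fullmatch(fields[0]):
        hints.append("ActiveX download with no class name")
    return hints

def triage(log_text):
    found = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and (hints := review_hints(entry)):
            found.append((entry["section"], entry["target"], hints))
    return found

print(*triage(SAMPLE_LOG), sep="\n")
```

Only the `O<n> - <kind>: ...` entry shape seen in this log is parsed; other HijackThis sections are skipped.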
Old 12-19-2005, 01:08 AM   #18 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Please post 1 more Panda log and let us know how things are running.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
Old 12-19-2005, 03:11 PM   #19 (permalink)
Registered User
 
Join Date: Dec 2005
Posts: 69
OS: xp


OK, here is my Panda scan. Thanks for all the help! Also, what is done with any money that is donated to the forum?

Incident | Status | Location
Adware:adware/savenow | Not disinfected | Windows Registry
Virus:Trj/Downloader.GPB | Not disinfected | C:\!KillBox\04cg896m.dll
JimmyJammy is offline  
Old 12-19-2005, 06:23 PM   #20 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


C:\!KillBox <--delete that folder

Any money donated to the forum goes right back into maintaining the forum and the servers it resides on.

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few more items to address so please follow the instructions below.


Reset hidden/system files and folders

Windows XP
===============
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 2000
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files Folders.
  • Deselect the Show all files option.
  • Click Yes to confirm.
  • Click OK.

Windows ME
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 95/98/98SE
===============
  • Open My Computer.
  • Select the View
  • Select the Folder Options option.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files folder.
  • Deselect the Show all files option.
  • Click Apply to confirm.
  • Click OK.



Create a new System Restore point

Windows XP
===============
  • Click Start >> Run - type SYSDM.CPL & press Enter
  • Select the System Restore Tab
  • Tick on the checkbox - "Turn off System Restore on all drives"
  • Click Apply
  • Then untick the same checkbox & click OK
  • This deletes ALL restore points that had the infection and creates a clean one

Windows ME
===============
  • Click the Start tab.
  • Select the Settings option.
  • Select the Control Panel option.
  • Double Click the System icon Performance tab option.
  • Select File System
  • Select the Troubleshooting tab
  • Check the Disable System Restore box
  • Click Apply to confirm.
  • Click OK.

Reboot the PC and repeat the above procedure again
When you get to this option
  • Uncheck the Disable System Restore box

For Windows ME, we MUST create a new restore point now, as Windows ME will not create one automatically until the computer has been on for 10 hours or 24 hours have passed. To create a new restore point, follow the procedure below.
  • Click the Start button.
  • Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
  • Choose Create a restore point, and then click Next.
  • In the Restore point description box, type a name for your restore point, and then click Next.
  • Click OK.



Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • Tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Please visit Microsoft's Windows Update page and install the latest service packs, patches and security updates for your system.


Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  • WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 4 free ones available for personal use:

In today’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:



In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles.
Please stay safe out there and take the helpful advice that’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.

Please respond to this thread one more time so we can mark this thread as resolved.
 






All times are GMT -7. The time now is 02:41 AM.



Copyright 2001 - 2010, Tech Support Forum