TheTechGuide Forum

General Category => Tech Clinic => Topic started by: chewman on February 06, 2007, 11:24:59 PM

Title: Return User
Post by: chewman on February 06, 2007, 11:24:59 PM
You guys helped me out before...hoping you can again. Getting system errors and system runs slow. Here's my HJT file. :blink:

Logfile of HijackThis v1.99.1
Scan saved at 11:00:55 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\byxzl.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {76D6E9FB-0E44-D01E-D83F-7B3F19FF7438} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xdrkq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jyyobrl.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\SPYGUARD\AVSched32.EXE /min
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [d3xh32.exe] C:\WINDOWS\d3xh32.exe
O4 - HKLM\..\Run: [CToolBar] teqq32.exe
O4 - HKLM\..\Run: [panel_its] ERTYDF.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [364tvb384] C:\WINDOWS\system32\z1615.exe asycf74
O4 - HKLM\..\Run: [hlfxpk] C:\WINDOWS\system32\htbgqm.exe reg_run
O4 - HKLM\..\Run: [dmsev.exe] C:\WINDOWS\system32\dmsev.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [SysEntry] gabber.exe
O4 - HKCU\..\Run: [trycrt] sound64.exe
O4 - HKCU\..\Run: [systemdll] 34763.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [dimyr] C:\WINDOWS\system32\htbgqm.exe reg_run
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Startup: zonealarm.exe.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: abnhw.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{26E089F4-8A5B-413D-800F-3BFB569B4CFA}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D5C528-BDFF-42AD-9E62-92274856BC93}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A78E0C5-7634-42CA-9FC5-7A6E1E89ECC8}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{7981E690-8BED-430A-9B2B-6B8F1F5069AC}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{26E089F4-8A5B-413D-800F-3BFB569B4CFA}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ideusr50 - C:\WINDOWS\SYSTEM32\ideusr50.dll
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\system32\oaundkw.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Ccakki32.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\SPYGUARD\AVWUPSRV.EXE
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
Title: Return User
Post by: guestolo on February 11, 2007, 12:27:41 PM
Sorry for the delay, if you still need a hand with your log
Can I have you post a fresh hijackthis log please

Are you able to post a fresh hijackthis log from Normal windows?
It appears you may have posted one from safe mode
Title: Return User
Post by: chewman on February 12, 2007, 10:35:18 PM
Thanks for your reply.  Here is the log you requested, it's not from a "safe mode" boot:
Logfile of HijackThis v1.99.1
Scan saved at 9:52:16 PM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SPYGUARD\AVWUPSRV.EXE
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SPYGUARD\AVSched32.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\WINDOWS\system32\htbgqm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\xpupdate.exe
C:\Program Files\SpyMarshal\SpyMarshal.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\John\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\byxzl.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {76D6E9FB-0E44-D01E-D83F-7B3F19FF7438} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xdrkq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jyyobrl.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\SPYGUARD\AVSched32.EXE /min
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [d3xh32.exe] C:\WINDOWS\d3xh32.exe
O4 - HKLM\..\Run: [CToolBar] teqq32.exe
O4 - HKLM\..\Run: [panel_its] ERTYDF.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [364tvb384] C:\WINDOWS\system32\z1615.exe asycf74
O4 - HKLM\..\Run: [dmcnc.exe] C:\WINDOWS\system32\dmcnc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [SysEntry] gabber.exe
O4 - HKCU\..\Run: [trycrt] sound64.exe
O4 - HKCU\..\Run: [systemdll] 34763.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyMarshal] C:\Program Files\SpyMarshal\SpyMarshal.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: zonealarm.exe.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{26E089F4-8A5B-413D-800F-3BFB569B4CFA}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D5C528-BDFF-42AD-9E62-92274856BC93}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A78E0C5-7634-42CA-9FC5-7A6E1E89ECC8}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{7981E690-8BED-430A-9B2B-6B8F1F5069AC}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{26E089F4-8A5B-413D-800F-3BFB569B4CFA}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ideusr50 - C:\WINDOWS\SYSTEM32\ideusr50.dll
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\system32\oaundkw.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Ccakki32.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\SPYGUARD\AVWUPSRV.EXE
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\~tmp0374.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
Title: Return User
Post by: guestolo on February 13, 2007, 12:32:48 AM
Hi again, Print these instructions or save them to a text file on desktop

 Can you ensure that you ONLY run hijackthis from this location
C:\Program Files\HJT\HijackThis.exe

I'm a little confused about one entry in your hijackthis log
C:\Program Files\SPYGUARD\AVWUPSRV.EXE
Do you actually have an Antispyware program installed from Avira called SpyGuard?
The other SpyGuard is rogue, access your add/remove programs and remove it

If you have 2 AntiVirus software running, this is not wise, choose which you're happiest with and uninstall the other

Can I have you download some tools please
==Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
We'll need this later

==Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe) and save it to desktop, we'll need it later

==Download FixwareOut from one of the following sites:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe
Save it to desktop, we'll need it later

==Download the latest version of SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please disable your antispyware protections so they won't interfere with any fixes
AntiVir>>Deactivate the SpyGuard please

Microsoft AntiSpyware.
Click on Options>>Settings
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Leave these disabled till we have you all clean


==Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\byxzl.dll/sp.html#12047
R3 - URLSearchHook: (no name) - {76D6E9FB-0E44-D01E-D83F-7B3F19FF7438} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xdrkq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jyyobrl.exe

O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - (no file)
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [d3xh32.exe] C:\WINDOWS\d3xh32.exe
O4 - HKLM\..\Run: [CToolBar] teqq32.exe
O4 - HKLM\..\Run: [panel_its] ERTYDF.exe

O4 - HKLM\..\Run: [364tvb384] C:\WINDOWS\system32\z1615.exe asycf74
O4 - HKLM\..\Run: [dmcnc.exe] C:\WINDOWS\system32\dmcnc.exe

O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [SysEntry] gabber.exe
O4 - HKCU\..\Run: [trycrt] sound64.exe
O4 - HKCU\..\Run: [systemdll] 34763.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyMarshal] C:\Program Files\SpyMarshal\SpyMarshal.exe


O17 - HKLM\System\CCS\Services\Tcpip\..\{26E089F4-8A5B-413D-800F-3BFB569B4CFA}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D5C528-BDFF-42AD-9E62-92274856BC93}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A78E0C5-7634-42CA-9FC5-7A6E1E89ECC8}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{7981E690-8BED-430A-9B2B-6B8F1F5069AC}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{26E089F4-8A5B-413D-800F-3BFB569B4CFA}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ideusr50 - C:\WINDOWS\SYSTEM32\ideusr50.dll
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\system32\oaundkw.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Ccakki32.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\~tmp0374.exe


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Double click on FixWareout.exe
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads, it will open a textfile. Save that log, because I need it later.

==Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the top of the screen that appears.
Sign in with your normal user account

==Open the SmitfraudFix folder you extracted to desktop earlier
The tool may need to restart your computer to finish the cleaning process.  A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt

In Safe Mode again:

SDFix
Go to START>>My Computer>>Double click to open the C:\ folder
Back in Normal Windows
DO the following
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

NOTE: ONLY if you have connection problems after performing any of the above steps - go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Post back all the following please, even if it takes more than one reply to do so

1. Post the log from Combofix   >> C:\Combofix.txt
2. Post the log from SDFix>>"Report.txt" within the SDFix folder
3. Post the log from FixWareout
4. Post a fresh Hijackthis log
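
A triage sketch for the entry types the reply above singles out: extra programs appended to the F2 Shell/UserInit values, O17 static NameServer values, O20 AppInit_DLLs, and system-named processes running outside their usual folder. This is an added example, not part of the original thread or of HijackThis; the sample lines are copied from the second log posted above, and the function names and the expected-folder table (Windows XP) are assumptions.

```python
import ipaddress
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the second HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\svchost.exe
C:\WINDOWS\explorer.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xdrkq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jyyobrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
"""

# Assumed usual folders for Windows XP system binaries (hypothetical table).
SYSTEM_HOMES = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "wuauclt.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# The only program each Winlogon value should name on a clean system.
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse(log):
    """Split a log into the running-process paths and (code, text) entries."""
    processes, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
        elif not line:
            in_procs = False
    return processes, entries


def public_nameservers(text):
    """Return the non-private, non-loopback addresses of an O17 NameServer."""
    m = re.search(r"NameServer\s*=\s*(.+)$", text)
    found = []
    for addr in re.split(r"[,\s]+", m.group(1).strip()) if m else []:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # not an address; leave it for manual reading
        if not (ip.is_private or ip.is_loopback):
            found.append(addr)
    return found


def triage(log):
    """Return (tag, detail) items for manual review; a lead, not a verdict."""
    processes, entries = parse(log)
    findings = []
    for path in processes:
        home = SYSTEM_HOMES.get(basename(path).lower())
        if home and dirname(path).lower() != home:
            findings.append(("PROC", path))  # system name, unexpected folder
    for code, text in entries:
        if code == "F2":
            m = re.search(r"(Shell|UserInit)=(.*)$", text, re.I)
            if not m:
                continue
            want = WINLOGON_DEFAULTS[m.group(1).lower()]
            for item in m.group(2).split(","):
                item = item.strip()
                # Only extra programs are reported; a default name at a
                # wrong path is not checked here.
                if item and basename(item).lower() != want:
                    findings.append(("F2", item))
        elif code == "O17":
            addrs = public_nameservers(text)
            if addrs:  # static public resolver: confirm who assigned it
                findings.append(("O17", ",".join(addrs)))
        elif code == "O20" and text.startswith("AppInit_DLLs:"):
            value = text.split(":", 1)[1].strip()
            if value:  # DLL loaded into every process that uses user32
                findings.append(("O20", value))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:5} {detail}")
```

A legitimately configured public DNS server would also appear under O17, so each item still needs the kind of manual judgement shown in the reply.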
Title: Return User
Post by: chewman on February 19, 2007, 02:39:57 PM
Followed the instructions you have given me.  Here are the logs you requested, only problem, AutoScam has been running for over 30mns....report not supplied:
HJT LOG:


Logfile of HijackThis v1.99.1
Scan saved at 14:24, on 07-02-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\TEMP\svchost.exe
C:\WINDOWS\TEMP\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\htbgqm.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\findstr.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xdrkq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jyyobrl.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: zonealarm.exe.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ideusr50 - C:\WINDOWS\SYSTEM32\ideusr50.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe





SDFix LOG:

SDFix: Version 1.65

Run by: John - 07-02-19 @ 13:33:59.90

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Microsoft IE Updater

Path:
C:\~tmp0374.exe /start

Microsoft IE Updater Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\Z310.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3101.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3111.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3128.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3151.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3174.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3202.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3251.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3273.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3283.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3325.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3344.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3364.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3437.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3446.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3478.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3479.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3485.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3486.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3491.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3499.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3530.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3552.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3558.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3560.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3579.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3588.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3592.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3611.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3615.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3631.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3641.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3703.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3755.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3772.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z378.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3783.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3809.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3815.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3822.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3832.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3843.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3844.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3845.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3927.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3957.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3967.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3997.DLL - Deleted
C:\svchost.exe - Deleted
C:\WINDOWS\system32\ksl48.bin - Deleted
C:\WINDOWS\system32\ldinfo.ldr - Deleted
C:\WINDOWS\system32\msrp32.exe - Deleted



ADS Check:

C:\WINDOWS\system32
  :bbaa.dll                               5392
Total size: 5392 bytes.

 Removing ADS...

system32: deleted 5392 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.

                                 Final Check:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:explorer"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:explorer"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\Explorer.EXE:*:enabled:Explorer"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Munchie\Application Data\Earthlink\6.0\[email protected]\Favorites\Desktop.ini
C:\Documents and Settings\Tishy\Application Data\Earthlink\6.0\[email protected]\Favorites\Desktop.ini
C:\Program Files\Canon\Memory Card Utility\iP6700D\uinstrsc.dll
C:\Program Files\Canon\Memory Card Utility\iP6700D\Maint.exe
C:\Documents and Settings\Munchie\Local Settings\Temp\winF865.tmp
C:\Program Files\InterActual\InterActual Player\iti16.tmp

                                 Finished





SmitFraudFix
SmitFraudFix v2.142

Scan done at 13:25:55.56, 07-02-19
Run from C:\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="DDE Control Module"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB3339}"="DCOM Server 3339"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1  localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\SpyGuard\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="DDE Control Module"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB3339}"="DCOM Server 3339"



»»»»»»»»»»»»»»»»»»»»»»»» End




Fixwareout

 
Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmdqx"
HKLM\SOFTWARE\~\Winlogon\ "System"="csihf.exe"

»»»»» System restarted
 
»»»»» Postrun check
HKLM\SOFTWARE\~\version\Run\ "dmdqx"
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "phqgh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "pgtshlld"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "nidnsdr"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23naelch"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "aplnsftn"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23rtcdaol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "lgemd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "1dedoc"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "llams_ogol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "domdnb"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "orcimlh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23tsniow"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "14"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "15"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "16"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "17"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "18"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "19"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "20"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "21"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "22"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "24"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "25"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "emvaf"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "27"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "28"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "29"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "30"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "31"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "33"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "34"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "35"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "36"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "37"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "38"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "39"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "40"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "41"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "42"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "43"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "44"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "45"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "46"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "47"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "48"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "49"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "50"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "51"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "52"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "53"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "54"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "55"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "56"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "57"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "58"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "59"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "60"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "61"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "62"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "63"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "64"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "65"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "66"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "xedocne"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwoh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23plhps"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "mgcppp"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tesvaf"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32refaselif"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "ixcmd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "golmedi"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tbwmd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "quwmd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "xqdmd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "pgtshlld"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1dedoc"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llams_ogol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ytpme"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "domdnb"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "orcimlh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23tsniow"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "lavinraCputeS"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "emvaf"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "xedocne"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23plhps"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "mgcppp"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tesvaf"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "32refaselif"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "golmedi"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "swen"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ogol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eno"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "owt"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eerht"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ruof"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "evif"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "2mdm"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}7805B3096F43-81C8-4BC4-B9C6-C82A52B9{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}A44EA6F0748C-DB4B-4D34-4F28-C46F821B{"  Deleted
HKLM\~\currentversion\run "dmdqx.exe"  Deleted
C:\WINDOWS\System32\dmwbt.exe  Deleted
C:\WINDOWS\System32\dmwuq.exe  Deleted
C:\WINDOWS\System32\csyai.exe  Deleted
C:\WINDOWS\System32\fretj.exe  Deleted
C:\WINDOWS\System32\xvwjg.exe  Deleted
....
»»»»» Misc files.
C:\Documents and Settings\John\Application Data\Install.dat Deleted
C:\Documents and Settings\John\Application Data\kc.tmp Deleted
C:\Documents and Settings\John\Application Data\uns.tmp Deleted
C:\Documents and Settings\John\Application Data\wo.tmp Deleted
C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url Deleted
C:\Documents and Settings\All Users\Favorites\NEW VIAGRA at Half Price!.url Deleted
C:\Documents and Settings\All Users\Favorites\Online Chat With Nude Girls.url Deleted
C:\Documents and Settings\All Users\Favorites\Order CIALIS online without leaving home..url Deleted
C:\Documents and Settings\All Users\Favorites\PC protection in under 2 minutes!.url Deleted
C:\Documents and Settings\All Users\Favorites\SEX Dating - Real Girls For Real SEX.url Deleted
C:\Documents and Settings\All Users\Favorites\Stop PopUps On Your Computer.url Deleted
C:\Documents and Settings\All Users\Favorites\VIAGRA at incredible low price. Bonus Pills!.url Deleted
C:\Documents and Settings\All Users\Favorites\View ADULT photos of REAL GIRLS!.url Deleted
c:\documents and settings\john\favorites\AdultGambling.url Deleted
c:\documents and settings\john\favorites\Download Free Spyware Remover.url Deleted
c:\documents and settings\john\favorites\Free Online Dating.url Deleted
c:\documents and settings\john\favorites\[censored] Real Girls.url Deleted
c:\documents and settings\john\favorites\Kill Annoying Popups.url Deleted
c:\documents and settings\john\favorites\NEW VIAGRA at Half Price!.url Deleted
c:\documents and settings\john\favorites\Online Chat With Nude Girls.url Deleted
c:\documents and settings\john\favorites\Order CIALIS online without leaving home..url Deleted
c:\documents and settings\john\favorites\PC protection in under 2 minutes!.url Deleted
c:\documents and settings\john\favorites\Remove Toolbars.url Deleted
c:\documents and settings\john\favorites\SEX Dating - Real Girls For Real SEX.url Deleted
c:\documents and settings\john\favorites\Spyware Uninstall.url Deleted
c:\documents and settings\john\favorites\SPYWARE.url Deleted
c:\documents and settings\john\favorites\Stop PopUps On Your Computer.url Deleted
c:\documents and settings\john\favorites\VIAGRA at incredible low price. Bonus Pills!.url Deleted
c:\documents and settings\john\favorites\View ADULT photos of REAL GIRLS!.url Deleted
C:\WINDOWS\BALLOON.WAV Deleted
C:\WINDOWS\Help\SPAlert.chm Deleted
C:\WINDOWS\RDT.INI Deleted
C:\WINDOWS\System32\drivers\zpmodemnt.sys Deleted
C:\WINDOWS\System32\filesafer23.exe Deleted
C:\WINDOWS\System32\howiper.exe Deleted
C:\WINDOWS\System32\msblank.html Deleted
C:\WINDOWS\System32\setupcarnival.exe Deleted
C:\WINDOWS\xpupdate.exe Deleted
c:\documents and settings\john\favorites\Online Pharmacy  Deleted
c:\documents and settings\john\favorites\Sex and Dating  Deleted
c:\documents and settings\john\favorites\Spyware Uninstall  Deleted
C:\Program Files\KillAndClean  Deleted
C:\WINDOWS\System32\kernel32.exe Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

C:\WINDOWS\system32\cscfd.exe 51261 06-04-23
C:\WINDOWS\system32\csivc.exe 51751 06-10-26


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\dmdqx.ren 61023 04-08-03



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~1\\SMARTB~1\\MotiveSB.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"CamMonitor"="C:\\Program Files\\HP\\Digital Imaging\\\\Unload\\hpqcmon.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\HP\\HP Share-to-Web\\hpgs2wnd.exe"
"PDUiP6700DMon"="C:\\Program Files\\Canon\\Memory Card Utility\\iP6700D\\PDUiP6700DMon.exe"
"CanonMyPrinter"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6021\\SiteAdv.exe"
"hlfxpk"="C:\\WINDOWS\\system32\\htbgqm.exe reg_run"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\NEROPH~1\\data\\Xtras\\mssysmgr.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"dimyr"="C:\\WINDOWS\\system32\\htbgqm.exe reg_run"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
Title: Return User
Post by: chewman on February 19, 2007, 05:51:07 PM
I also restarted my machine and ZoneAlarm shows a pgm called Ldgdca32.exe is trying to access the internet.  Was this part of the "ComboFixe.exe"?
Title: Return User
Post by: guestolo on February 19, 2007, 07:46:44 PM
Since it's been awhile since I supplied a fix

Can you please supply a fresh hijackthis log in case you're serious about fixing this machine
Title: Return User
Post by: chewman on February 19, 2007, 08:04:13 PM
This is da latest from c:/Program Files/HijackThis.exe:

Logfile of HijackThis v1.99.1
Scan saved at 20:01, on 07-02-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\WINDOWS\system32\htbgqm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\TEMP\svchost.exe
C:\WINDOWS\TEMP\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xdrkq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jyyobrl.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: zonealarm.exe.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ideusr50 - C:\WINDOWS\SYSTEM32\ideusr50.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
Title: Return User
Post by: guestolo on February 19, 2007, 08:10:49 PM
Can you do the following please

Download haxfix.exe (http://users.telenet.be/marcvn/tools/haxfix.exe)
and save it to your desktop.
A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
If an infection is found, you'll get a message to close all other open windows.
Please download Qoofix by RubbeR DuckY from http://www.malwarebytes.org/Qoofix.zip
Finally post a new HijackThis log and the contents of the Qoofix logfile along with the log from Haxfix
Title: Return User
Post by: chewman on February 19, 2007, 08:57:32 PM
Here we go:

HAXFIX logfile - by Marckie

version 4.37
07-02-19  20:22:16.40
 
--- Auto Haxdoorfix ---


searching for files:
 
no infections found


--- Goldunfix ---


searching for files:
 

checking iexplore.exe
iexplore.exe is not infected

searching for SSODLkeys:
no SSODLkeys found

searching for notifykeys:
ideusr50
 
searching for services:
idersrvc


deleting service idersrvc
[SWSC] DeleteService SUCCESS
 
 
.....rebooting the computer.....  
 
 
searching for ssodlkeys

not needed  


searching for notifykeys

notifykey ideusr50 not found


searching for services

service idersrvc not found


searching for safeboot services

not needed  


searching for files
 
ideusr50.dll exists  
deleting ideusr50.dll
ideusr50.dll has been deleted
 
idersrvc.sys exists  
deleting idersrvc.sys
idersrvc.sys has been deleted


checking for other files
 
ksl48.bin exists  
deleting ksl48.bin
ksl48.bin has been deleted
 

checking for a3d files

no a3d files found


Finished

Qoofix v1.04 by http://www.malwarebytes.org
Scan started on [07-02-19] at [20:42:29]
-------------------------------------------------------------
No malicious modules found!
-------------------------------------------------------------
No Qoologic infected files found!
-------------------------------------------------------------
Scan COMPLETED SUCCESSFULLY on [07-02-19] at [20:43:46]

Note: Some registry keys may have been removed.

Logfile of HijackThis v1.99.1
Scan saved at 20:54, on 07-02-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\WINDOWS\system32\htbgqm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\TEMP\svchost.exe
C:\WINDOWS\TEMP\wuauclt.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\Program Files\HJT\HijackThis.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: zonealarm.exe.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
Title: Return User
Post by: guestolo on February 19, 2007, 09:09:36 PM
A little better, still some work to do

Download About:Buster from here:
http://www.malwarebytes.org/AboutBuster.zip
Unzip it to the desktop, but do NOT run it just yet.

==Download ATF-Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Save it to your desktop
We'll need this later

==Download AVG Anti-Spyware 7.5 (http://www.ewido.net/en/download/)
CLOSE AVG-Antispyware for now, as we will need it later
An AVG icon will be placed in your system tray next to your clock, can you right-click on it and uncheck
"Resident Shield" , "Automatic updates" and "Start with Windows"


Ensure that Microsoft's Anti-Spyware protections are disabled, so as not to interfere

Do a "System scan only" with Hijackthis and put a check next to these entries:

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer in Safe Mode by doing the following :
Find and delete this file
C:\WINDOWS\system32\Ldgdca32.exe<-this file, exact spelling

============================================
==Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
==================================================

Load AVG Anti-Spyware 7.5
I will need to see this log later

Run About:Buster and click Begin Removal to begin the scan. If prompted to end the Explorer.exe process, click Yes. Your desktop may disappear --- this is normal. Allow the program to scan twice, and when complete click "Save Log".
This will create a text file called "AB Logfile.txt" in the folder where About:Buster is saved. I will want to see this logfile later.

Restart the computer back to Normal windows

Back in Windows
Go ahead and install the latest version of Java from the installer you saved to desktop earlier

Post back the following
1. Post a fresh hijackthis log
2. Post the Whole report from AVG-Antispyware
3. Post the log from AboutBuster>>AB Logfile.txt
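
The before/after comparison of the two HijackThis logs posted above, as an added example that is not part of any post in this thread and is not HijackThis's own code. The sample lines are constructed from those logs (the NSS service's display name is shortened), and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample input: a few lines from the log posted before the Haxfix
# run and from the log posted after it, trimmed for brevity.
BEFORE = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\TEMP\svchost.exe
C:\Program Files\HJT\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xdrkq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jyyobrl.exe
O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ideusr50 - C:\WINDOWS\SYSTEM32\ideusr50.dll
O23 - Service: Network Security Service (NSS) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\TEMP\svchost.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\Program Files\HJT\HijackThis.exe

O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll
O23 - Service: Network Security Service (NSS) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# A scan entry starts with a section code such as R1, F2, O4, O20 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return (process counts, [(section code, entry text), ...]) for one log."""
    processes = Counter()
    entries = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            # Collapse runs of spaces so the same entry compares equal
            # however the forum software or the tool padded it.
            entries.append((match.group(1), " ".join(match.group(2).split())))
        elif in_processes and line:
            # Windows paths are case-insensitive; count repeated images.
            processes[line.lower()] += 1
    return processes, entries


def is_review_candidate(code, text):
    """Entry kinds the helper ticked in this thread: an AppInit_DLLs value and
    a service whose file is missing. This only surfaces candidates; a person
    still decides (the FileZilla service also matches and was left alone)."""
    lowered = text.lower()
    if code == "O20" and lowered.startswith("appinit_dlls:"):
        return True
    return code == "O23" and lowered.endswith("(file missing)")


def compare(before, after):
    """Diff two HijackThis logs: entries gone, entries new, processes new."""
    procs_b, entries_b = parse_hjt(before)
    procs_a, entries_a = parse_hjt(after)
    index_b = {(c, t.lower()): (c, t) for c, t in entries_b}
    index_a = {(c, t.lower()): (c, t) for c, t in entries_a}
    return {
        "removed": [index_b[k] for k in index_b if k not in index_a],
        "added": [index_a[k] for k in index_a if k not in index_b],
        "new_processes": {p: n for p, n in procs_a.items() if p not in procs_b},
        "review": [e for e in entries_a if is_review_candidate(*e)],
    }


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for label in ("removed", "added", "review"):
        print(label.upper())
        for code, text in result[label]:
            print(f"  {code} - {text}")
    print("NEW PROCESSES")
    for path, count in result["new_processes"].items():
        print(f"  {count}x {path}")
```
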
Title: Return User
Post by: chewman on February 19, 2007, 09:45:23 PM
Installing AVG but install seems to be "stuck" at installing gaurd.exe/install.  Task Mgr is showing several Ldgdca32.exe's.

Any thoughts?
Title: Return User
Post by: guestolo on February 19, 2007, 09:48:11 PM
Open task manager and end process on any Ldgdca32.exe's

Then try installing AVG

I edited my instructions with AboutBuster just a bit
Title: Return User
Post by: chewman on February 19, 2007, 10:06:20 PM
Task Mgr wasn't responding.....turned off machine.....doing the following then re-installing AVG Anti-Spyware 7.5:

Reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Find and delete this file
C:\WINDOWS\system32\Ldgdca32.exe<-this file, exact spelling
Title: Return User
Post by: chewman on February 19, 2007, 10:32:30 PM
Installed AVG.....got the following error when trying to do the following:

Do a "System scan only" with Hijackthis and put a check next to these entries:

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll)
Error #5 - Invalid procedure call or argument

Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
Title: Return User
Post by: chewman on February 19, 2007, 10:38:04 PM
Continuing with the rest of your instructions.
Title: Return User
Post by: chewman on February 19, 2007, 11:47:56 PM
All done :


with this exception:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll)
Error #5 - Invalid procedure call or argument

Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1


AVG LOG
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   23:20 07-02-19

 + Scan result:   



C:\Program Files\AutoUpdate -> Adware.Apropos : Cleaned with backup (quarantined).
HKLM\SOFTWARE\AutoLoader -> Adware.Apropos : Cleaned with backup (quarantined).
HKLM\SOFTWARE\AutoLoader\30o21YKUWZPM -> Adware.Apropos : Cleaned with backup (quarantined).
HKLM\SOFTWARE\AutoLoader\30oK1YKUWZPM -> Adware.Apropos : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110689.exe -> Adware.Casino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Asd3.TestMyIE2 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Asd3.TestMyIE2.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Asd3.TestMyIE2\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Asd3.TestMyIE2\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4EEA0D22-A231-FA24-2605-CBA388EAC447} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4FBD5745-B5C3-0C90-BAD1-7677913D28A7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{50B91207-4289-28BE-FC70-4CE72F0402CB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5121C34F-9558-986B-9B86-B10A646B0ADE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{52ECF232-74FC-F601-5130-3F286CC40343} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{535C0AC4-7A9A-D625-3C05-BD827CE8A41E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{538D316B-A3A2-1200-EE47-1BEF8BCDD755} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{538EEB8F-48F3-4823-CA19-09ED9EFBD83E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{544F8ECF-7661-CF47-2FD0-EA32255B9B7C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{557DB264-B787-9FAF-B38E-5229D7E658DF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{55AC4EE7-4B4F-A677-88EE-C19AD29C7B4D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{56797143-E10D-7419-5DA8-0CA0118FB27B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{57431542-0B78-C8F5-0587-4323710F1B6B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{57C0C13E-E95C-411D-BCD9-A537E6B2AA24} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{57E6A677-F1C2-427F-A8EB-9D6D26F602D7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{58A3B91E-A75A-8511-4324-2C08241EDB1B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{58BA44D2-4E05-CF21-D46C-343B479557D8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5AA172E2-6059-7715-0AA0-87AE593D8F51} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5B264A71-ACA3-B02C-C94B-CE36D3C130D4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5BD77D9A-0FBD-7D9B-A984-E95897A73BF1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5C8F854E-7CEA-C523-244D-78543DBCC516} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5D1F9D91-369E-9436-1F3D-1D229ECB536B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5DD9363D-9344-7F98-092E-C89C21F50B8A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E401E95-F815-BE2D-118F-4939794C5869} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E8BA5AA-42CF-368F-88E1-1CDF46D25744} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5ED0322D-E61A-0915-184A-5DEFC6990411} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5FFCDEE9-901B-22A9-1E8A-80C150D6A16B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{602CDF71-C65F-C2D9-F3F1-A7464BF6D83A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{61BA9713-4C7D-321C-7CDA-2D19B793429D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{67293992-3673-B33A-B89D-CC5E1227D820} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{67B80809-7CF1-F9C2-0414-F6035AB85372} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6A75C515-CC5F-6696-8035-27DB2757E092} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6B2E69E2-80CF-0FCD-2529-005B76F6EB87} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6CA48318-B290-E202-B535-B2649B563FF3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6CC44B15-6905-EBA8-53C9-7C5E5A25BE5F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6D25C675-70D8-EC23-84B5-DA5169D62ABC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6D909587-C3B7-83AE-F036-1E663153BA5F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{710CE7D8-7CDF-35F3-6A22-9AEB843DD571} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7121259F-441E-E13B-61A6-168C5EC38A14} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{74350DCA-A542-D7B4-3901-455AF6D1F483} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{744FBCBB-B55D-0FBB-058F-6B2CF3E8A4A7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{74EE63C1-C2F6-8F52-938B-84D9F1EAC423} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{75AF0B00-D89D-D529-63DB-460FA539C3A1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{75BB4F6B-5C13-57AB-D6BE-6255AE9F8D33} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{75BC0FE9-0320-B195-F169-906263F5741D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{75C38C94-6CDD-2721-E20A-041C3BD770C1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{76F53757-9FEA-7D69-1396-53BBD24BD3EB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7715CCE6-8987-9901-2E03-84A41BA95A23} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{772B0D55-0E68-9937-8D1C-CDEC09E6A800} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{77B4CE71-F8EB-D009-07EA-8D5437684795} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{77B59253-1EC2-426E-12F5-9FF91789B58A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7A17D452-5366-FB37-2CDC-ED02830D7B54} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7AC66D02-E97D-3115-35F2-0428823161F4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7ADC69FB-D4BB-499D-B4CB-4F5E7FBE1F1A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7B30C370-FA75-1822-2540-7558BEE71EA1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7B5897CE-01D2-D7AF-61DB-36843E94F97E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7E35BA92-B311-70A1-8E0E-EE430F0CC372} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7F30F321-C739-EF24-325A-56BFA8FAA3BA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7FCAD8DF-0B29-F72D-3A4A-26C69B0EE416} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{80F9AF81-3EAC-2434-C117-26B9A88BCE7F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8197D9D4-6CA4-7CF3-8ACF-F779FCD1B906} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{84B658EB-29F0-B010-66F5-E418F9AAFDC6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{850CEB9A-AF22-5C40-8C3A-0AB13F515CF3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{869A435E-A2CA-C25A-6C7F-6172DC1B036F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{86F96D10-6C70-9565-AF19-7745B99E461D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8705901D-8680-E8CA-FBE0-7D485E343513} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{88C96295-FCAE-0B3D-8F00-3F0E0A009428} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{88F0B4E2-69B2-6CA5-7ADE-EE3BF0432FD0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8A21261B-1D1C-3E80-0116-95C04A8233EA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8B818713-3A0C-4B60-78A0-D1C38B1E7C16} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8B818F6C-9632-19DE-8680-233C397A97AD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8C97901F-C265-0C0E-4AC6-66EC3DC64B4E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8D2942C0-2035-7625-E8F8-2E5B50597B92} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8DD0E093-F203-A226-34B6-803644787EFF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8E0CFF9A-9D92-AC99-FA0C-7E94D6A0CF0D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8F6BBF73-238E-F740-3C8E-35F4A99E10D8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{91DDF694-E89B-DFA7-5A22-4CF7BB27F1B8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9330FA17-207B-8C8A-8A1A-7D04ECCE10CC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{933D30C5-9078-8EAC-2095-31F02FC90427} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{94CABCE6-9B61-8B2A-60F8-442B3E29E73B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{979130FE-70C0-35E6-DFA3-4D4D55876849} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{97E5C8C2-A677-8AF0-992D-76300B4C0DD6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9819E734-ABC7-8536-E943-A461C8EBAC8C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{98211CC6-07C7-122B-026F-9791038EBAB1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9909396E-A25C-7E2A-352D-32FB283C4EEB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9A680459-4010-FA2E-EC15-175ADE2D5377} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9AE8676B-FF71-6D02-4787-3721FF3B52A6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9B0F7030-AF9E-455A-F0F3-B9E15FD227AE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9B1A2625-49C3-7881-A453-1C2B2E4282F9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9B29D802-7874-33C4-8499-151A3683ADD2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9CC24F8C-C090-F78B-2849-1C3653933660} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9ED8F3B4-54EF-916F-F314-9E0AA1CBAA46} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9F1DF47B-EB7B-6789-0D82-E2A50C229205} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A12F8C71-8266-116B-4118-FD5124D815E9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A1366D01-84C0-2558-F68D-17874321A0CE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A1C91D26-6BFE-9DA5-0C53-AC5009FD3DC6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A228710E-2CE8-F8F6-81BD-7CC3A16C63D0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A27CDECD-100E-4D81-C7F0-7E2D9F1C3BE0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A2D58F5F-FDD4-A3C2-E881-7146EE2CC672} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A3D347B5-8D22-1E55-4D3E-C94C91F76762} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A50865E4-41F3-A6FC-9B1B-A396EC13BEFB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A7595DD0-954D-787A-73FC-769C95DF9F01} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8A6D469-369F-3458-9CB6-13F81431144C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8D08A14-55CC-81EB-BF8B-F83DC9F8EC18} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A96C5AC5-3757-499C-81C5-9CE344BBEFEC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AA5122C2-9CC4-CAB5-D846-92AD1A79589B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ABB2630D-61F6-BCAF-850C-D9085124F78C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ABE2DA2C-85E3-CA0C-79FC-63F0410FA2E0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AC152C0C-381B-A230-6B29-1A23741F4A9A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AC50F23D-F99D-EE5A-71F2-ABCB913DE13A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AC5FBA74-3B09-DD85-9101-E3BA6AA5F315} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AC66039A-44B4-0E4D-E13B-CB89AA76166A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ACBA3A3A-36D8-85F0-BD24-C1698545899F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ADCDEB91-0598-F6B4-C015-DD1DF78A7639} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AE721233-0FEA-4847-4C92-FDF523518F56} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AF5F0291-9DCD-6129-BACC-2E13E716BC71} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AF5FDECD-1ED9-A1EC-D3B8-8211759346FD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B255CF17-988E-8993-4B11-EE0312E09D84} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B4D22ABC-3E31-6C0E-3927-DA54258D30DD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B5C669AE-EA19-B1C5-01F0-6512716B3157} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B64CDD57-7D96-5C6B-FBD6-F71DA48862A9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B6F39436-B55A-8D4D-6E92-1B81D55EBAEF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B790743D-68F0-283C-84D9-C4283C242C14} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B7B878BD-A926-D6ED-AE35-ADEE91D3109D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B877A895-E66D-9B51-2A5E-B2821E0C16B0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B878818F-2279-A2FE-62AA-5B8166B041ED} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B9D8F3ED-1174-822B-0E20-AC75935EF98A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BC16830F-15E4-B4E2-9CB7-2F1F8290291C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BE2B01AC-C74F-FE86-69B1-C961A25C369C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BF1DF99D-6BD4-9618-1150-AB8EA227AC2B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BF8C66F5-1A2F-25AD-C2FA-D06309B1DD27} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BFD31A50-347C-461D-D47A-686D4852C0B1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0C47BA7-3AAA-10E3-3AED-070DDAD18C68} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0D6E167-F604-CDF7-7A32-C71266D013DD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0E427E7-172F-33A0-D910-8BF6CF786822} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C15F2371-A742-8BA9-7A00-54C987BB597F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C25DEE89-8CBA-D734-B7F0-2039B6065737} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C46F610F-69B8-0E43-0278-24EDA37E1513} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C4D260B4-E413-A143-55E3-1DD630C18DD1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C649E716-3432-9ED8-A74F-7B789784477D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C726D36D-9BDF-0383-F849-161DD3B7B85F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C77119AD-B010-7430-67AD-6E3A4C0E744C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C875F177-8D58-138B-0691-2EFDEAC8E0AB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C936E078-AF90-6FBC-5868-5DBE20436E47} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C94F2EE8-3174-6518-7215-F26EDE3A2130} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CBCBACBA-B5C6-0928-434A-CE4EEBE36A38} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CC15449D-564B-BFBD-010F-5C0D90856CC3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CDF81721-038E-C0DA-5870-A3CF1EBA96B9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CEAF915F-9569-B828-05C8-89CE7AC8D2B6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CEEC69B5-0380-F78A-088D-A205E618F50B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CF3F3E61-9595-B4D3-EC0A-2911D33AF9CA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CF550B9D-3735-B065-B10F-6FBED6C70DA4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D0F03457-32E5-5715-6CDD-72C94F05ABBE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D2B7BAA3-33AD-6C59-40FC-FCC46F8F765E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D2C0B816-9CAB-4B57-F1BE-E489A7313EA8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D2C22B7F-8DD3-0C16-DA5B-AF1BC159FCC4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D30E66BC-5959-629E-617E-21F47716C337} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D321DC4E-C5C1-733A-6B36-D1F22AA3BC87} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D352E086-4102-D235-8A51-A66EB227E8CA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D6C341F6-6A72-BA75-4844-5F1A7649C3EC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D6F7942A-2903-FD22-A0E5-7716B284A428} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D7AC65FF-C9B6-66D9-0935-85FAF279CD1E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D8F5208D-1C62-D1EA-50E4-3BAB8F309D7A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DA5DBC97-A7E1-478B-B55A-267B4B54F8EA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DBD3F02E-11A4-02EE-B06F-9E0E988D0090} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DBF9F02E-3228-CEAC-5B78-70AE0D8E8BEE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DD27625A-DB28-F315-0405-729F194BD480} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DD2786BE-3BE2-FC80-F475-561735175B9A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DD55C19C-D822-880A-0874-6BF6A5E1DA20} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DEF96F22-09FE-A03B-064A-02E148E88A17} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DFC62350-1E0B-BBD2-4CDB-757B623F0FD4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E29CD8F5-8770-88FC-7869-830FD4AAE7E4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E2E2B119-D1A3-9315-CE56-02822929B0FA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E2F0712F-9E43-CF54-86D0-C0E27572FBE1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E367875D-9ADF-EE62-EABB-EB82124F8315} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E565738F-00B5-BD54-344E-CE29CDEF3F6F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E66033D3-0B56-750C-2254-9C91038A086C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E69D821E-A0D8-880B-A771-4CEAE70AC39A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E738C6A5-3A2F-F02D-4D80-960CA934569F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E7E1386A-12D3-8E93-955B-0A8C7D74C8E0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E86C7D81-082E-CE87-01F2-F6A5456A5DD4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E89B84AA-277A-8BE4-4FED-6F8144C175E5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EB63E320-5E1D-A1CC-878B-832365F1D0E3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EB9D49EC-FBD4-F316-F1CC-39564BD3E5B7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ECCFC5E3-D622-3E69-7884-827C0967AE85} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ED76F3B6-4551-44D7-6C98-2DE3A15D8E95} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ED81D60C-C426-844A-2785-263DC930B5C4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EDA6D516-33B7-258C-7426-9D5699E6B02B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EDCB31B0-4821-FE62-875A-52D24E43E8CB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EFBC894E-C716-CF6F-30F0-1F1AE60E2401} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F11B9E4D-B77C-5AF4-6B2F-2B125404061A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F33B84B4-9B35-0407-3C12-7ABB0397E43F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F450941B-4277-1BB9-EB92-03745591F3DC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F4D7791F-ADA5-B851-33CA-06EB8529CE7E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F61E8B04-2EF0-7873-877A-5D1E89822A7E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F675DBF0-254F-4477-D7AB-E5B54EB51227} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F97EA0D8-DEB8-B23F-8A5E-6D4D68BB5BB7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F97F2532-4324-0DA9-21C3-64C1650A6515} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FBC1B2FF-838B-6257-27F0-2FD318F49B54} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FBC963C0-47A1-07C0-004E-D8258BEE3766} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FBD81A45-7D6E-CF78-2720-BF05C51B1F0E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FCBFF6A4-6C0F-E57F-4DCD-3DECF316CA20} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FD350929-ABF9-B29E-4912-9CF55B4CB92A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FEDBC933-9884-74C8-1988-83E8B42CE43F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FEE3991F-A9A9-FEB5-A46D-D1B381BB004A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A084A565-B09B-4E4C-A497-7CC50AEAB2A7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A084A565-B09B-4E4C-A497-7CC50AEAB2A7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-527237240-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{603960DA-2A41-E212-F1A7-5E1DBE5E69D6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-527237240-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9070C2D6-B9E2-D48F-43DC-CF2B92C210CC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-527237240-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A084A565-B09B-4E4C-A497-7CC50AEAB2A7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110731.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110723.exe -> Adware.KillAndClean : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110735.inf -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Verizon Online\SFP\vzbb.dll -> Adware.MegaSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110704.exe -> Adware.Msnagent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\a95kfrhe.ini -> Adware.Sahat : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110581.exe -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110582.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110583.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110584.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110585.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110738.exe -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110690.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110699.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\719A0601-320F-410C-A84E-2F2B01\AE3F19F3-B591-4A91-9857-EC98C4 -> Adware.WareOut : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP198\A0113930.dll -> Backdoor.Padodor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP198\A0113943.exe -> Backdoor.Padodor.ax : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP182\A0097316.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP182\A0097342.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP182\A0097366.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP189\A0098839.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP190\A0101955.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP191\A0102088.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP195\A0108363.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP196\A0110556.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110599.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\AuthMgr.INI:fejam -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Coffee Bean.bmp:mqosc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\DirectX.log:cjzuu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\DtcInstall.log:indjf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Gone Fishing.bmp:zeadm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Greenstone.bmp:lszsp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Greenstone.bmp:vhzqw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\IfoEdit.INI:powli -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB824105.log:kmwra -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB824105.log:zjytz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB824141.log:xcrsl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB824146.log:fxrhc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB825119.log:eqnyj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB828741.log:ywlqv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB833987.log:ponoh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB835732.log:ljzax -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840315.log:ftchu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840315.log:thdrk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB841873.log:pbdlz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB842773.log:hklgo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Model.txt:xjkih -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\NeroDigital.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBCINST.INI:alrvt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBCINST.INI:ixsvb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBCINST.INI:xejuq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\OEWABLog.txt:pdesm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\PI4_setup.ini:payst -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Prairie Wind.bmp:tzqpa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q819696.log:yvhew -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\REGULOCS.OLD:wwpgi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\River Sumida.bmp:byimi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SCENARIO1.INI:etnfj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM.INI:nqrem -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM.INI:ooamw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM.INI:wvjtw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SchedLgU.Txt:dqztk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Soap Bubbles.bmp:smtvz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Umr.html:jiloc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Umr.html:zlhba -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Windows Update.log:admpq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Zapotec.bmp:bhwdi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:akpms -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:atdlc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:aywpp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:ayxlm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:azuha -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:azvfu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:brbnc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:bvjel -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:bwcks -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:byoak -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:cbmja -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:ciill -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:cqccv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:dfecv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:dgbzp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:dhxxi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:esjtp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:fkojs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:fqcmvb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:gqcbn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:gsmrs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:gugke -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:gyzpe -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:hajhp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:hbtto -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:hhdxb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:hhvbs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:hmtgo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:ibfpnt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:ifnpx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:ignad -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\azwdv.log:hfcfh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\bxesa.log:bzjbz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cdplayer.ini:ziyls -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cjlnn.log:butgq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cjlnn.log:kcdet -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cjlnn.log:rayzh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cjlnn.log:zbhpp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cmsetacl.log:ipocu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cpnkq.log:pljte -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cpnkq.log:rhtwr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cuyts.txt:anyuw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cyjqx.dat:mtqqn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\desktop.ini:udqzq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\dlwhu.log:hazdz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ekjby.txt:gkoae -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ekjby.txt:orzto -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\encore_launcher.ini:yykdn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\enofv.dat:jdevz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\enofv.dat:jhtjj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\epfkt.txt:lmgoy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\explorer.scf:paakr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\eypmt.dat:aeveh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\faehv.log:siqqa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fojrw.log:ebezw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fswao.log:zrvga -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fxaff.dat:kmrnl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gimiz.dat:hssey -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gimiz.dat:ocaqb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gjbxu.txt:acxel -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gjbxu.txt:cejpr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hkqxm.txt:iysqk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hsquv.dat:kxobq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iPlayer.INI:euqjy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iPlayer.INI:nyuku -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iasqq.txt:llatw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jautoexp.dat:xossc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jfrml.txt:uwxju -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jtnva.dat:feyla -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jtnva.dat:rawas -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jxjsy.log:bolql -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ldnat.txt:kuhcp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lusqj.log:frelr -> Downloader.Agent.bc : Cleaned with
Title: Return User
Post by: chewman on February 22, 2007, 08:20:57 AM
Machine runs a lot quicker, THANKS!

One thing I noticed is that the mouse scroll wheel is dead.  Any help on that?
Title: Return User
Post by: NaCoTiX on February 22, 2007, 09:04:12 AM
[quote name='chewman' post='290842' date='Feb 22 2007, 01:20 PM']Machine runs a lot quicker, THANKS!

One thing I noticed is that the mouse scroll wheel is dead.  Any help on that?[/quote]
New mouse.
Title: Return User
Post by: chewman on February 22, 2007, 11:10:11 PM
GUESTOLO:
If you get a chance, could you give the logs a quick look?
Title: Return User
Post by: guestolo on March 10, 2007, 09:59:11 AM
Sorry for my long absence Chewman
Everything still running good?

Could I see a fresh hijackthis log if you're still around please
Title: Return User
Post by: chewman on March 12, 2007, 07:36:30 PM
[quote name='guestolo' post='299500' date='Mar 10 2007, 08:59 AM']Sorry for my long absence Chewman
Everything still running good?

Could I see a fresh hijackthis log if you're still around please[/quote]
Things are better.....hope all is fine w/u!
Here is a fresh HJT log.

One other thing...when removing MicroSoft Anti-Spyware I got this msg....
Setup is unable to log into the TrueVector service.  Install cannot continue
without logging into the TrueVector service.

Please use the service manager to shut down the TrueVector service
and the restart the installer program.


Logfile of HijackThis v1.99.1
Scan saved at 20:23, on 07-03-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: zonealarm.exe.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173095021000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173095009718
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
Title: Return User
Post by: guestolo on March 12, 2007, 10:54:54 PM
Do a "System scan only" with Hijackthis and put a check next to these entries:

O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer

Back in Windows
Quote
when removing MicroSoft Anti-Spyware I got this msg....
Setup is unable to log into the TrueVector service. Install cannot continue
without logging into the TrueVector service.

Please use the service manager to shut down the TrueVector service
and the restart the installer program.
TrueVector is related to ZoneAlarm
You may have to try uninstalling and reinstalling
Here's some directions I found that may work
Quote
Open the ZoneAlarm program, go to the OVERVIEW -> PREFERENCES tab, and make sure the Load At Startup box is UNchecked. Close the program, then right-click on the ZA icon and select Shutdown.

REBOOT.

You should now have no ZoneAlarm processes running on your system.

Now click Start -> Programs -> Zone Labs -> Uninstall. Be sure to say YES to the security check.

WARNING - Do NOT run the ZoneAlarm Uninstall program while in Safe Mode unless absolutely necessary. The program may not be able to make the proper registry changes in Safe Mode, thus generating errors after a reboot.

REBOOT.

To make sure that you can see the ZoneAlarm system files, if they are still on your computer:
a. Right-click on Start, then left-click on Explore. When the Windows Explorer panel appears:

Click Tools -> Folder Options. Click the "View" tab, then click the "Show hidden files and folders" radio button.

b. Make sure you also UNcheck the box to "Hide Protected Operating System Files" if you have one.
c. When searching, be sure it searches ALL hidden files and folders (in XP: check Advanced search settings)
d. Click OK.

IMPORTANT NOTE: Making modifications to system files may disable crucial functions of your Windows operating system. I strongly suggest re-enabling the "Hide files and folders" feature once all ZoneAlarm files have been removed.

Click on Start, then Search or Find, and select Files. Make sure that the location box is set to search your local hard drive (usually C: ) or All Local Drives.

Type the following exactly and delete the folder:

zonelabs (under your SYSTEM or SYSTEM32 folder)
"zone labs" (under your Program Files folder)
"Internet logs" (under your Windows or WINNT folder)

Type the following exactly (delete files found in \Windows or any subfolder below it, in your \Temp folder, or in the Windows "Pre-Fetch" folder):

vsconfig.xml
vsdata.dll
vsdata95.vxd
vsdatant.sys
vsmon.*
vsmonapi.dll
vsnetutils.dll
vspubapi.dll
zaplus.*
zapro.*
zllictbl.dat
zlparser.dll
zonealarm.exe
zoneband.dll

vsutil.dll (please right-click, Properties -> Version to be sure it is a ZA file. Do NOT delete this file unless it is a Zone Labs file!)

Make sure your Recycle Bin is empty (right-click and select Empty).
REBOOT

NOTE: If you received an error message upon deleting the files, or if the original programs remain in the Programs list, or if the problem persists after this, removing the files in Safe Mode will allow you to delete the files properly.

Now you should be able to get a clean install of the new version. Be sure to NOT use the old settings as this can cause further difficulties if the database is corrupt.

Can you post one last hijackthis log after the above please
Title: Return User
Post by: chewman on March 12, 2007, 10:58:27 PM
Thanks, will try that tomorrow.  Still working at my job from home.  Being on call sucks!
Title: Return User
Post by: chewman on March 14, 2007, 12:44:01 PM
I was going to uninstall + re-install ZONEALARM but decided not to.

Here is my latest HJT:
Logfile of HijackThis v1.99.1
Scan saved at 08:29, on 07-03-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: zonealarm.exe.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173095021000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173095009718
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
Title: Return User
Post by: guestolo on March 14, 2007, 10:16:27 PM
Quote
I was going to uninstall + re-install ZONEALARM but decided not to.
OK then, I'll consider your problems resolved and lock this topic
Take care Chewman
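
Added example (not part of the thread and not HijackThis's own code): a small Python parser for the HijackThis entry lines shown in the logs above. It flags entries ending in "(no file)" or "(file missing)" and diffs two logs to confirm that a fixed entry, such as the O21 SSODL line, is gone from the later scan. The function names are choices made for this example, and the two embedded excerpts are trimmed from the March 12 and March 14 logs.

```python
import re
from dataclasses import dataclass

# An entry line is "<section code> - <body>", e.g. "O21 - SSODL: ... - (no file)".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+?)\s*$")

# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    code: str   # section code such as R1, O4, O21, O23
    body: str   # everything after "<code> - "

    @property
    def orphaned(self) -> bool:
        """True when the entry points at a file that no longer exists."""
        return self.body.lower().endswith(ORPHAN_MARKERS)

    @property
    def key(self):
        """Case- and whitespace-insensitive identity used for diffing."""
        return (self.code, " ".join(self.body.lower().split()))


def parse_entries(log_text):
    """Return the registry/startup entries of a HijackThis log, in order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def orphaned_entries(log_text):
    """Entries whose target file is missing: candidates for review."""
    return [e for e in parse_entries(log_text) if e.orphaned]


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans of the same machine."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_keys = {e.key for e in before}
    after_keys = {e.key for e in after}
    removed = [e for e in before if e.key not in after_keys]
    added = [e for e in after if e.key not in before_keys]
    return removed, added


# Excerpt trimmed from the March 12 log in this thread (sample input).
LOG_MARCH_12 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:23, on 07-03-12
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - (no file)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
"""

# Excerpt trimmed from the March 14 log in this thread (sample input).
LOG_MARCH_14 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 08:29, on 07-03-14
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_MARCH_12, LOG_MARCH_14)
    for entry in removed:
        print("removed:", entry.code, "-", entry.body)
    for entry in added:
        print("added:  ", entry.code, "-", entry.body)
    for entry in orphaned_entries(LOG_MARCH_14):
        print("still orphaned:", entry.code, "-", entry.body)
```

On these excerpts the diff shows the O21 entry removed and nothing added, while the FileZilla Server service entry is still reported with its file missing.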