Return User

[chewman]

You guys helped me out before...hoping you can again. Getting system errors and system runs slow. Here's my HJT file.  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' />

Logfile of HijackThis v1.99.1
Scan saved at 11:00:55 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\byxzl.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {76D6E9FB-0E44-D01E-D83F-7B3F19FF7438} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xdrkq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jyyobrl.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\SPYGUARD\AVSched32.EXE /min
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [d3xh32.exe] C:\WINDOWS\d3xh32.exe
O4 - HKLM\..\Run: [CToolBar] teqq32.exe
O4 - HKLM\..\Run: [panel_its] ERTYDF.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [364tvb384] C:\WINDOWS\system32\z1615.exe asycf74
O4 - HKLM\..\Run: [hlfxpk] C:\WINDOWS\system32\htbgqm.exe reg_run
O4 - HKLM\..\Run: [dmsev.exe] C:\WINDOWS\system32\dmsev.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [SysEntry] gabber.exe
O4 - HKCU\..\Run: [trycrt] sound64.exe
O4 - HKCU\..\Run: [systemdll] 34763.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [dimyr] C:\WINDOWS\system32\htbgqm.exe reg_run
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Startup: zonealarm.exe.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: abnhw.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{26E089F4-8A5B-413D-800F-3BFB569B4CFA}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D5C528-BDFF-42AD-9E62-92274856BC93}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A78E0C5-7634-42CA-9FC5-7A6E1E89ECC8}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{7981E690-8BED-430A-9B2B-6B8F1F5069AC}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{26E089F4-8A5B-413D-800F-3BFB569B4CFA}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ideusr50 - C:\WINDOWS\SYSTEM32\ideusr50.dll
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\system32\oaundkw.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Ccakki32.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\SPYGUARD\AVWUPSRV.EXE
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe

[guestolo]

Sorry for the delay, if you still need a hand with your log
Can i have you post a fresh hijackthis log please

Are you able to post a fresh hijackthis log from Normal windows?
It appears you may have posted one from safe mode

[chewman]

Thanks for your reply.  Here is the the log you requested, it's not from a "safe mode" boot:
Logfile of HijackThis v1.99.1
Scan saved at 9:52:16 PM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SPYGUARD\AVWUPSRV.EXE
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SPYGUARD\AVSched32.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\WINDOWS\system32\htbgqm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\xpupdate.exe
C:\Program Files\SpyMarshal\SpyMarshal.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\John\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\byxzl.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {76D6E9FB-0E44-D01E-D83F-7B3F19FF7438} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xdrkq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jyyobrl.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\SPYGUARD\AVSched32.EXE /min
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [d3xh32.exe] C:\WINDOWS\d3xh32.exe
O4 - HKLM\..\Run: [CToolBar] teqq32.exe
O4 - HKLM\..\Run: [panel_its] ERTYDF.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [364tvb384] C:\WINDOWS\system32\z1615.exe asycf74
O4 - HKLM\..\Run: [dmcnc.exe] C:\WINDOWS\system32\dmcnc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [SysEntry] gabber.exe
O4 - HKCU\..\Run: [trycrt] sound64.exe
O4 - HKCU\..\Run: [systemdll] 34763.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyMarshal] C:\Program Files\SpyMarshal\SpyMarshal.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: zonealarm.exe.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{26E089F4-8A5B-413D-800F-3BFB569B4CFA}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D5C528-BDFF-42AD-9E62-92274856BC93}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A78E0C5-7634-42CA-9FC5-7A6E1E89ECC8}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{7981E690-8BED-430A-9B2B-6B8F1F5069AC}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{26E089F4-8A5B-413D-800F-3BFB569B4CFA}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ideusr50 - C:\WINDOWS\SYSTEM32\ideusr50.dll
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\system32\oaundkw.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Ccakki32.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\SPYGUARD\AVWUPSRV.EXE
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\~tmp0374.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe

[guestolo]

Hi again, Print these instructions or save them too a text file on desktop

 Can you ensure that you ONLY run hijackthis from this location
C:\Program Files\HJT\HijackThis.exe

I'm a little confused about one entry in your hijackthis log
C:\Program Files\SPYGUARD\AVWUPSRV.EXE
Do you actually have an Antispyware program installed from Avira called SpyGuard?
The other SpyGuard is rogue, access your add/remove programs and remove it

If you have 2 AntiVirus software running, this is not wise, choose which your happiest with and uninstall the other

Can I have you download some tools please
==Download [color=\"red\"]SDFix[/color] and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
We'll need this later

==Download this file - Combofix.exe and save it too desktop, we'll need it later

==Download FixwareOut from one of the following sites:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe
Save it too desktop, we'll need it later

==Download the latest version of  [color=\"red\"]SmitfraudFix[/color][/url] (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
Note : [color=\"#00BFFF\"]process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.[/color]

Please disable your antispyware protections so they won't interfere with any fixes
AntiVir>>Deactivate the SpyGuard please

Microsoft AntiSpyware.
Click on Options>>Settings
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Leave these disabled till we have you all clean


==Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\byxzl.dll/sp.html#12047
R3 - URLSearchHook: (no name) - {76D6E9FB-0E44-D01E-D83F-7B3F19FF7438} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xdrkq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jyyobrl.exe

O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - (no file)
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [d3xh32.exe] C:\WINDOWS\d3xh32.exe
O4 - HKLM\..\Run: [CToolBar] teqq32.exe
O4 - HKLM\..\Run: [panel_its] ERTYDF.exe

O4 - HKLM\..\Run: [364tvb384] C:\WINDOWS\system32\z1615.exe asycf74
O4 - HKLM\..\Run: [dmcnc.exe] C:\WINDOWS\system32\dmcnc.exe

O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [SysEntry] gabber.exe
O4 - HKCU\..\Run: [trycrt] sound64.exe
O4 - HKCU\..\Run: [systemdll] 34763.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyMarshal] C:\Program Files\SpyMarshal\SpyMarshal.exe


O17 - HKLM\System\CCS\Services\Tcpip\..\{26E089F4-8A5B-413D-800F-3BFB569B4CFA}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D5C528-BDFF-42AD-9E62-92274856BC93}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A78E0C5-7634-42CA-9FC5-7A6E1E89ECC8}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{7981E690-8BED-430A-9B2B-6B8F1F5069AC}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{26E089F4-8A5B-413D-800F-3BFB569B4CFA}: NameServer = 85.255.116.85,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.85 85.255.112.147

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ideusr50 - C:\WINDOWS\SYSTEM32\ideusr50.dll
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\system32\oaundkw.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Ccakki32.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\~tmp0374.exe


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Double click on FixWareout.exe
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads, it will open a textfile. Save that log, because I need it later.

==Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the top of the screen that appears.
Sign in with your normal user account

==Open the SmitfraudFix folder you extracted to desktop earlier

• Double-click smitfraudfix.cmd
  
• Press any key to continue
• Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
  
  
• You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
  
  
• The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
  

The tool may need to restart your computer to finish the cleaning process.  A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt

In Safe Mode again:

SDFix
Go to START>>My Computer>>Double click to open the C:\ folder

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
  
• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  

Back in Normal Windows
DO the following
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

NOTE: [color=\"#FF0000\"]ONLY[/color] if you have connection problems after performing any of the above steps - go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Post back all the following please, even if it takes more than one reply to do so

1. Post the log from Combofix   >> C:\Combofix.txt
2. Post the log from SDFix>>"Report.txt" within the SDFix folder
3. Post the log from FixWareout
3. Post a fresh Hijackthis log

[chewman]

Followed the instructions you have given me.  Here are the logs you requested, only problem, AutoScam has been running for over 30mns....report not supplied:
HJT LOG:


Logfile of HijackThis v1.99.1
Scan saved at 14:24, on 07-02-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\TEMP\svchost.exe
C:\WINDOWS\TEMP\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\htbgqm.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\findstr.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xdrkq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jyyobrl.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: zonealarm.exe.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ideusr50 - C:\WINDOWS\SYSTEM32\ideusr50.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe





SDFix LOG:

SDFix: Version 1.65

Run by: John - 07-02-19 @ 13:33:59.90

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Microsoft IE Updater

Path:
C:\~tmp0374.exe /start

Microsoft IE Updater Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\Z310.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3101.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3111.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3128.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3151.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3174.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3202.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3251.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3273.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3283.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3325.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3344.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3364.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3437.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3446.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3478.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3479.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3485.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3486.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3491.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3499.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3530.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3552.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3558.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3560.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3579.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3588.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3592.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3611.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3615.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3631.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3641.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3703.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3755.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3772.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z378.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3783.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3809.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3815.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3822.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3832.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3843.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3844.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3845.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3927.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3957.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3967.DLL - Deleted
C:\WINDOWS\SYSTEM32\Z3997.DLL - Deleted
C:\svchost.exe - Deleted
C:\WINDOWS\system32\ksl48.bin - Deleted
C:\WINDOWS\system32\ldinfo.ldr - Deleted
C:\WINDOWS\system32\msrp32.exe - Deleted



ADS Check:

C:\WINDOWS\system32
  :bbaa.dll                               5392
Total size: 5392 bytes.

 Removing ADS...

system32: deleted 5392 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.

                                 Final Check:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:explorer"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:explorer"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\Explorer.EXE:*:enabled:Explorer"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Munchie\Application Data\Earthlink\6.0\[email protected]\Favorites\Desktop.ini
C:\Documents and Settings\Tishy\Application Data\Earthlink\6.0\[email protected]\Favorites\Desktop.ini
C:\Program Files\Canon\Memory Card Utility\iP6700D\uinstrsc.dll
C:\Program Files\Canon\Memory Card Utility\iP6700D\Maint.exe
C:\Documents and Settings\Munchie\Local Settings\Temp\winF865.tmp
C:\Program Files\InterActual\InterActual Player\iti16.tmp

                                 Finished





SmitFraudFix
SmitFraudFix v2.142

Scan done at 13:25:55.56, 07-02-19
Run from C:\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="DDE Control Module"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB3339}"="DCOM Server 3339"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1  localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\SpyGuard\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="DDE Control Module"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB3339}"="DCOM Server 3339"



»»»»»»»»»»»»»»»»»»»»»»»» End




Fixwareout

 
Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmdqx"
HKLM\SOFTWARE\~\Winlogon\ "System"="csihf.exe"

»»»»» System restarted
 
»»»»» Postrun check
HKLM\SOFTWARE\~\version\Run\ "dmdqx"
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "phqgh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "pgtshlld"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "nidnsdr"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23naelch"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "aplnsftn"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23rtcdaol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "lgemd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "1dedoc"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "llams_ogol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "domdnb"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "orcimlh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23tsniow"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "14"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "15"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "16"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "17"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "18"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "19"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "20"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "21"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "22"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "24"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "25"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "emvaf"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "27"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "28"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "29"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "30"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "31"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "33"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "34"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "35"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "36"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "37"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "38"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "39"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "40"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "41"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "42"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "43"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "44"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "45"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "46"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "47"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "48"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "49"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "50"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "51"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "52"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "53"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "54"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "55"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "56"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "57"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "58"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "59"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "60"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "61"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "62"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "63"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "64"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "65"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "66"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "xedocne"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwoh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23plhps"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "mgcppp"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tesvaf"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32refaselif"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "ixcmd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "golmedi"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tbwmd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C7808CDBA304-D449-FF84-09DE-ECC9278E{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}53A97BAD26F7-FE18-F1D4-1C4D-7AB94060{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E483B7EA84EC-D33A-EDB4-2907-72F51AFF{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}496472C8A074-6179-7B14-BB03-5779A6F5{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}77B2198E4842-D0A8-43D4-4365-12416B4A{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9320F0D0EA63-6F39-7E04-21A2-8252ADAC{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "quwmd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}6D5E69AE1035-8678-98F4-9BB7-4461924B{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}896C0F118AD9-965B-A9B4-D596-9387EA58{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}4FA8B150F877-0979-8104-D6D4-09AE0A1F{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}347B2A8E5C74-6528-5D54-6D91-68485539{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}EE67D02E3F8C-E479-0DA4-88EF-D03F8019{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}DF01266C4D45-F2B8-2DB4-D6C5-3AEF92D0{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}958DBFE4B781-593A-4C14-5787-7D2ABF2F{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}550A8007CA3D-F21A-5024-A4ED-7EB67084{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}26024FF4CA24-E108-51E4-9CA6-16D5A55D{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}EF2D7665DD71-476B-93B4-D9EB-FF20D34B{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}6374BBE0E3C4-B83A-3704-4646-F347DBDE{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3B84D98A7C9F-54A9-EAF4-2FF0-25DE17D5{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}7281DAD5B256-D049-C974-6BDD-F80119E1{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}DC45BFC3305A-4F2A-8074-69CC-EF9DCBF1{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}FDDA7050D0D4-F2D9-1184-489C-2607A88C{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C64C6539B4FA-CA4A-7354-A681-98BC1201{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C09792DCAD6B-8EF8-A8A4-06F2-C5715531{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}246B4C2858A4-AEAB-41A4-07EA-FC6F546E{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9943231218EE-40F8-F9D4-BB3E-7DDA982C{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1660D75619C1-3E9B-4F64-BC84-18EF974C{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}88CE78E2BD16-024B-5564-0DA6-51DF2864{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}008D3B9981DA-28AB-D4A4-12E1-F3DD69F5{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}CA828382D088-EF98-6E14-821A-6EE10D9D{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}8DCA6B1C6E71-D5BA-9E74-B73E-75A2883C{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1FC5C7D4FFFB-C479-4974-4129-C4D0E473{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}7AE688982284-39AA-0484-8E80-C4E080BB{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}798841EE118B-DEDA-5C24-BE8F-986B2C5F{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}34681DB436A4-780B-4234-FECA-8EEC32A7{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}6B86C7E6792B-77F9-1EB4-35E1-F7E8E1D9{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F23D51D6C833-E9BB-E614-8141-9A0A49CB{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}75BDDDE9EB3D-04F8-2644-3BAA-76E87734{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}766780304602-68B8-E744-8774-21373D91{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}72AB5C53EDB4-9098-1254-0FB0-BC39CCF8{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "xqdmd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "pgtshlld"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1dedoc"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llams_ogol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ytpme"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "domdnb"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "orcimlh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23tsniow"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "lavinraCputeS"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "emvaf"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "xedocne"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23plhps"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "mgcppp"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tesvaf"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "32refaselif"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "golmedi"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "swen"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ogol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eno"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "owt"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eerht"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ruof"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "evif"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "2mdm"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}7805B3096F43-81C8-4BC4-B9C6-C82A52B9{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}A44EA6F0748C-DB4B-4D34-4F28-C46F821B{"  Deleted
HKLM\~\currentversion\run "dmdqx.exe"  Deleted
C:\WINDOWS\System32\dmwbt.exe  Deleted
C:\WINDOWS\System32\dmwuq.exe  Deleted
C:\WINDOWS\System32\csyai.exe  Deleted
C:\WINDOWS\System32\fretj.exe  Deleted
C:\WINDOWS\System32\xvwjg.exe  Deleted
....
»»»»» Misc files.
C:\Documents and Settings\John\Application Data\Install.dat Deleted
C:\Documents and Settings\John\Application Data\kc.tmp Deleted
C:\Documents and Settings\John\Application Data\uns.tmp Deleted
C:\Documents and Settings\John\Application Data\wo.tmp Deleted
C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url Deleted
C:\Documents and Settings\All Users\Favorites\NEW VIAGRA at Half Price!.url Deleted
C:\Documents and Settings\All Users\Favorites\Online Chat With Nude Girls.url Deleted
C:\Documents and Settings\All Users\Favorites\Order CIALIS online without leaving home..url Deleted
C:\Documents and Settings\All Users\Favorites\PC protection in under 2 minutes!.url Deleted
C:\Documents and Settings\All Users\Favorites\SEX Dating - Real Girls For Real SEX.url Deleted
C:\Documents and Settings\All Users\Favorites\Stop PopUps On Your Computer.url Deleted
C:\Documents and Settings\All Users\Favorites\VIAGRA at incredible low price. Bonus Pills!.url Deleted
C:\Documents and Settings\All Users\Favorites\View ADULT photos of REAL GIRLS!.url Deleted
c:\documents and settings\john\favorites\AdultGambling.url Deleted
c:\documents and settings\john\favorites\Download Free Spyware Remover.url Deleted
c:\documents and settings\john\favorites\Free Online Dating.url Deleted
c:\documents and settings\john\favorites\[censored] Real Girls.url Deleted
c:\documents and settings\john\favorites\Kill Annoying Popups.url Deleted
c:\documents and settings\john\favorites\NEW VIAGRA at Half Price!.url Deleted
c:\documents and settings\john\favorites\Online Chat With Nude Girls.url Deleted
c:\documents and settings\john\favorites\Order CIALIS online without leaving home..url Deleted
c:\documents and settings\john\favorites\PC protection in under 2 minutes!.url Deleted
c:\documents and settings\john\favorites\Remove Toolbars.url Deleted
c:\documents and settings\john\favorites\SEX Dating - Real Girls For Real SEX.url Deleted
c:\documents and settings\john\favorites\Spyware Uninstall.url Deleted
c:\documents and settings\john\favorites\SPYWARE.url Deleted
c:\documents and settings\john\favorites\Stop PopUps On Your Computer.url Deleted
c:\documents and settings\john\favorites\VIAGRA at incredible low price. Bonus Pills!.url Deleted
c:\documents and settings\john\favorites\View ADULT photos of REAL GIRLS!.url Deleted
C:\WINDOWS\BALLOON.WAV Deleted
C:\WINDOWS\Help\SPAlert.chm Deleted
C:\WINDOWS\RDT.INI Deleted
C:\WINDOWS\System32\drivers\zpmodemnt.sys Deleted
C:\WINDOWS\System32\filesafer23.exe Deleted
C:\WINDOWS\System32\howiper.exe Deleted
C:\WINDOWS\System32\msblank.html Deleted
C:\WINDOWS\System32\setupcarnival.exe Deleted
C:\WINDOWS\xpupdate.exe Deleted
c:\documents and settings\john\favorites\Online Pharmacy  Deleted
c:\documents and settings\john\favorites\Sex and Dating  Deleted
c:\documents and settings\john\favorites\Spyware Uninstall  Deleted
C:\Program Files\KillAndClean  Deleted
C:\WINDOWS\system32\{06049BA7-D4C1-4D1F-81EF-7F62DAB79A35}.exe Deleted
C:\WINDOWS\system32\{0D29FEA3-5C6D-4BD2-8B2F-54D4C66210FD}.exe Deleted
C:\WINDOWS\system32\{1021CB89-186A-4537-A4AC-AF4B9356C46C}.exe Deleted
C:\WINDOWS\system32\{1355175C-2F60-4A8A-8FE8-B6DACD29790C}.exe Deleted
C:\WINDOWS\system32\{19D37312-4778-447E-8B86-206403087667}.exe Deleted
C:\WINDOWS\system32\{374E0D4C-9214-4794-974C-BFFF4D7C5CF1}.exe Deleted
C:\WINDOWS\system32\{378D3FEC-3877-40EB-9E9E-68F666204163}.exe Deleted
C:\WINDOWS\system32\{3F165C10-A647-4F0F-9A97-4D60F3B156BF}.exe Deleted
C:\WINDOWS\system32\{43778E67-AAB3-4462-8F40-D3BE9EDDDB57}.exe Deleted
C:\WINDOWS\system32\{4682FD15-6AD0-4655-B420-61DB2E87EC88}.exe Deleted
C:\WINDOWS\system32\{48076BE7-DE4A-4205-A12F-D3AC7008A055}.exe Deleted
C:\WINDOWS\system32\{5D71ED52-0FF2-4FAE-9A45-F9C7A89D48B3}.exe Deleted
C:\WINDOWS\system32\{5F6A9775-30BB-41B7-9716-470A8C274694}.exe Deleted
C:\WINDOWS\system32\{5F96DD3F-1E21-4A4D-BA82-AD1899B3D800}.exe Deleted
C:\WINDOWS\system32\{7A23CEE8-ACEF-4324-B087-4A634BD18643}.exe Deleted
C:\WINDOWS\system32\{85AE7839-695D-4B9A-B569-9DA811F0C698}.exe Deleted
C:\WINDOWS\system32\{8FCC93CB-0BF0-4521-8909-4BDE35C5BA27}.exe Deleted
C:\WINDOWS\system32\{9108F30D-FE88-4AD0-974E-C8F3E20D76EE}.exe Deleted
C:\WINDOWS\system32\{93558486-19D6-45D5-8256-47C5E8A2B743}.exe Deleted
C:\WINDOWS\system32\{9B25A28C-6C9B-4CB4-8C18-34F6903B5087}.exe Deleted
C:\WINDOWS\system32\{9D1E8E7F-1E53-4BE1-9F77-B2976E7C68B6}.exe Deleted
C:\WINDOWS\system32\{A4B61421-5634-4D34-8A0D-2484E8912B77}.exe Deleted
C:\WINDOWS\system32\{B128F64C-82F4-43D4-B4BD-C8470F6AE44A}.exe Deleted
C:\WINDOWS\system32\{B4291644-7BB9-4F89-8768-5301EA96E5D6}.exe Deleted
C:\WINDOWS\system32\{B43D02FF-BE9D-4B39-B674-17DD5667D2FE}.exe Deleted
C:\WINDOWS\system32\{BB080E4C-08E8-4840-AA93-482289886EA7}.exe Deleted
C:\WINDOWS\system32\{BC94A0A9-1418-416E-BB9E-338C6D15D32F}.exe Deleted
C:\WINDOWS\system32\{C289ADD7-E3BB-4D9F-8F04-EE8121323499}.exe Deleted
C:\WINDOWS\system32\{C3882A57-E37B-47E9-AB5D-17E6C1B6ACD8}.exe Deleted
C:\WINDOWS\system32\{C479FE81-48CB-46F4-B9E3-1C91657D0661}.exe Deleted
C:\WINDOWS\system32\{C88A7062-C984-4811-9D2F-4D0D0507ADDF}.exe Deleted
C:\WINDOWS\system32\{CADA2528-2A12-40E7-93F6-36AE0D0F0239}.exe Deleted
C:\WINDOWS\system32\{D55A5D61-6AC9-4E15-801E-42AC4FF42062}.exe Deleted
C:\WINDOWS\system32\{D9D01EE6-A128-41E6-89FE-880D283828AC}.exe Deleted
C:\WINDOWS\system32\{E645F6CF-AE70-4A14-BAEA-4A8582C4B642}.exe Deleted
C:\WINDOWS\system32\{EDBD743F-6464-4073-A38B-4C3E0EBB4736}.exe Deleted
C:\WINDOWS\system32\{F1A0EA90-4D6D-4018-9790-778F051B8AF4}.exe Deleted
C:\WINDOWS\system32\{F2FBA2D7-7875-41C4-A395-187B4EFBD859}.exe Deleted
C:\WINDOWS\system32\{F5C2B689-F8EB-42C5-ADED-B811EE148897}.exe Deleted
C:\WINDOWS\system32\{FFA15F27-7092-4BDE-A33D-CE48AE7B384E}.exe Deleted
C:\WINDOWS\System32\kernel32.exe Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

C:\WINDOWS\system32\cscfd.exe 51261 06-04-23
C:\WINDOWS\system32\csivc.exe 51751 06-10-26


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\dmdqx.ren 61023 04-08-03



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~1\\SMARTB~1\\MotiveSB.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"CamMonitor"="C:\\Program Files\\HP\\Digital Imaging\\\\Unload\\hpqcmon.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\HP\\HP Share-to-Web\\hpgs2wnd.exe"
"PDUiP6700DMon"="C:\\Program Files\\Canon\\Memory Card Utility\\iP6700D\\PDUiP6700DMon.exe"
"CanonMyPrinter"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6021\\SiteAdv.exe"
"hlfxpk"="C:\\WINDOWS\\system32\\htbgqm.exe reg_run"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\NEROPH~1\\data\\Xtras\\mssysmgr.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"dimyr"="C:\\WINDOWS\\system32\\htbgqm.exe reg_run"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

[chewman]

I also restarted my machine and Zonelarm shows a pgm called Ldgdca32.exe is trying to ass the internet.  Was this part of the "ComboFixe.exe?

[guestolo]

Since it's been awhile since I supplied a fix \

Can you please supply a fresh hijackthis log in case your serious about fixing this machine

[chewman]

This is da latest from c:/Program Files/HijackThis.exe:

Logfile of HijackThis v1.99.1
Scan saved at 20:01, on 07-02-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\WINDOWS\system32\htbgqm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\TEMP\svchost.exe
C:\WINDOWS\TEMP\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xdrkq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jyyobrl.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: zonealarm.exe.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ideusr50 - C:\WINDOWS\SYSTEM32\ideusr50.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe

[guestolo]

Can you do the following please

Download [color=\"blue\"]haxfix.exe[/color]
and save it to your desktop.

• Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
  
• Checkmark "Create a desktop icon"
• Click "Next"
• When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
• Click "Finish"

A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix

• Select option 2. Run auto fix by typing 2 and then pressing Enter
  

If an infection is found, you'll get a message to close all other open windows.

• Close all open windows except the red dos window from haxfix and then press Enter
  
• The computer will reboot
• After reboot a logfile will open > (c:\haxfix.txt)
• Save this log somewhere you will remember, like on desktop

Please download Qoofix by RubbeR DuckY from http://www.malwarebytes.org/Qoofix.zip[list=1]

• Unzip all files to a convenient location such as C:\Qoofix.
• Go to the folder you unzipped all files and run Qoofix.exe.
• Click Begin Removal and wait for the scan to finish.
  
• If an infection has been found, select yes to restart your computer.
  

Finally post a new HijackThis log and the contents of the Qoofix logfile along with the log from Haxfix

[chewman]

Here we go:

HAXFIX logfile - by Marckie

version 4.37
07-02-19  20:22:16.40
 
--- Auto Haxdoorfix ---


searching for files:
 
no infections found


--- Goldunfix ---


searching for files:
 

checking iexplore.exe
iexplore.exe is not infected

searching for SSODLkeys:
no SSODLkeys found

searching for notifykeys:
ideusr50
 
searching for services:
idersrvc


deleting service idersrvc
[SWSC] DeleteService SUCCESS
 
 
.....rebooting the computer.....  
 
 
searching for ssodlkeys

not needed  


searching for notifykeys

notifykey ideusr50 not found


searching for services

service idersrvc not found


searching for safeboot services

not needed  


searching for files
 
ideusr50.dll exists  
deleting ideusr50.dll
ideusr50.dll has been deleted
 
idersrvc.sys exists  
deleting idersrvc.sys
idersrvc.sys has been deleted


checking for other files
 
ksl48.bin exists  
deleting ksl48.bin
ksl48.bin has been deleted
 

checking for a3d files

no a3d files found


Finished








Qoofix v1.04 by http://www.malwarebytes.org
Scan started on [07-02-19] at [20:42:29]
-------------------------------------------------------------
No malicious modules found!
-------------------------------------------------------------
No Qoologic infected files found!
-------------------------------------------------------------
Scan COMPLETED SUCCESSFULLY on [07-02-19] at [20:43:46]

Note: Some registry keys may have been removed.












Logfile of HijackThis v1.99.1
Scan saved at 20:54, on 07-02-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\WINDOWS\system32\htbgqm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\TEMP\svchost.exe
C:\WINDOWS\TEMP\wuauclt.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\WINDOWS\system32\Ldgdca32.exe
C:\Program Files\HJT\HijackThis.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: zonealarm.exe.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FILEZILLA SVR\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe

[guestolo]

A little better, still some work to do

Download About:Buster from here:
http://www.malwarebytes.org/AboutBuster.zip
Unzip it to the desktop, but do [color=\"#0000FF\"]NOT run it just yet.[/color]

==Download [color=\"#FF0000\"]ATF-Cleaner[/color] by Atribune.
Save it to your desktop
We'll need this later

==Download [color=\"#FF0000\"]AVG Anti-Spyware 7.5[/color]

• Save the installer to desktop
• Double click the installer, select your language, and then select "OK"
• Click NEXT>>>Select I Agree>>>NEXT>>>INSTALL
     
  
• AVG will now install and afterwards click FINISH
     
  
• AVG Anti-Spyware 7.5 should now Load
• Click the Update tab at the top. Under Manual Update click Start update.
     
  
• After the update finishes (the status bar at the bottom will display "Update successful")
• Click on the Scanner tab at the top
     
  
• Click the "Settings" tab and then change the recommended action under "How to Act" to Quarantine and ensure that "Automatically generate report after every scan" IS selected and
  "Only if Threats are found" IS NOT selected
  

CLOSE AVG-Antispyware for now, as we will need it later
An AVG icon will be placed in your system tray next to your clock, can you right on it and uncheck
"Resident Shield" , "Automatic updates" and "Start with Windows"


Ensure that Microsofts Anti-Spyware protections are disabled, as to not interfere

Do a "System scan only" with Hijackthis and put a check next to these entries:

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.

Find and delete this file
C:\WINDOWS\system32\Ldgdca32.exe<-this file, exact spelling

============================================
==Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
==================================================

Load AVG Anti-Spyware 7.5

• Click on the Scanner tab at the top
     
  
• Cick on Complete System Scan.
  This scan can take a while to run, let it run uninterrupted
   
  
• When the scan is complete it will list any infections found on the left hand side.
• Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
   
  
• Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file  (like on the Desktop).
  

I will need to see this log later

run About:Buster and click Begin Removal to begin the scan. If prompted to end the Explorer.exe process, click Yes. Your desktop may disappear --- this is normal. Allow the program to scan twice, and when complete click "Save Log".
This will create a text file called "AB Logfile.txt" in the folder where About:Buster is saved. I will want to see this logfile later.

Restart the computer back to Normal windows

Back in Windows
Go ahead and install the latest version of Java from the installer you saved to desktop earlier

Post back the following
1. Post a fresh hijackthis log
2. Post the Whole report from AVG-Antispyware
3. Post the log from AboutBuster>>AB Logfile.txt

[chewman]

installing AVG bur install seems to be "stuck" at installing gaurd.exe/install.  Task Mgr is showing several "Ldgdca32.exe's.

Any thoughts?

[guestolo]

Open task manager and end process on any Ldgdca32.exe's

Then try installing AVG

I edited my instructions with AboutBuster just a bit

[chewman]

Task Mgr wasn't responding.....turned off machine.....doing the following then re-istalling AVG Anti-Spyware 7.5:

Reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Find and delete this file
C:\WINDOWS\system32\Ldgdca32.exe<-this file, exact spelling

[chewman]

Installed AVG.....got the following error when trying to do the following:

Do a "System scan only" with Hijackthis and put a check next to these entries:

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipel32.exe (file missing)





An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll)
Error #5 - Invalid procedure call or argument

Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

[chewman]

Continuing with the rest of your instructions.

[chewman]

All done :


with this exception:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll)
Error #5 - Invalid procedure call or argument

Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

AVG LOG---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   23:20 07-02-19

 + Scan result:   



C:\Program Files\AutoUpdate -> Adware.Apropos : Cleaned with backup (quarantined).
HKLM\SOFTWARE\AutoLoader -> Adware.Apropos : Cleaned with backup (quarantined).
HKLM\SOFTWARE\AutoLoader\30o21YKUWZPM -> Adware.Apropos : Cleaned with backup (quarantined).
HKLM\SOFTWARE\AutoLoader\30oK1YKUWZPM -> Adware.Apropos : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110689.exe -> Adware.Casino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Asd3.TestMyIE2 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Asd3.TestMyIE2.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Asd3.TestMyIE2\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Asd3.TestMyIE2\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0032CCFA-D80B-DABE-C53B-7E94CD4E0B9D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{007FBB10-29F9-1035-4BC6-EADBD6D78464} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{010A99FA-9882-49E3-F544-44129592A646} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0144BFA4-0B7F-AD08-70B4-D0CB8681927E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{01DD3C0B-760F-349E-147E-03404280DA8F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{035AB507-A454-30C0-7879-F028430BA8A3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{04CABB8A-1C34-EAB8-A8CB-9FFB336540D4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{04FA0937-0930-1006-31A1-535AEA9649FE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{059571E8-E486-1B82-E2B1-5E7F1A56B1E8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{05D28462-944E-6985-69CD-AF3E4EABB1C8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{064CE72F-402C-6FA9-72C8-ADF5FEC210AD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{07FCAF49-FD62-5DEF-3389-86CC7653686C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{08982F71-2D81-FE94-902C-1F610D4507B8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0ADC4EA8-88E9-0336-6EB6-BF9DB04B13C0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0B01EADD-4EEA-1744-7321-45BB28A5E86A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0B03A0B6-16B3-A425-EE96-A2D79D21C656} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0B5FA233-21D3-D511-CADA-148239911966} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0D477064-C0A0-92DC-477A-47E26D658ED6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0D6DF7B4-0791-C370-E841-7B9D73209399} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0E3BEE03-C426-F488-CA26-D938932339AC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0E5EA4C0-B875-E8EB-6346-37389658CBB1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0F8C4166-6513-FF22-D406-84A3652D603F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0FCDFA68-74F9-605A-8029-180E50A9964A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{10DB1C9B-ADDF-61CA-1C8A-E71824C7095A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1393F29F-3AD1-88F1-8182-7EBCC2149DC1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{145E2E36-9557-E8ED-B3E6-8C523800B7CE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{146A4A8B-66F9-80FA-6E14-51A6991BAC7D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{146C42AD-EBB6-43E5-C5BA-DB26064A7470} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1487B770-6A12-97D9-7B4A-24F6E0B7B61F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{15169BF7-4D6B-25BA-10D4-D4B3372CA27F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1726BB1C-92AA-0B00-1211-47F4A3A3EEA0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{17336823-C09C-0112-2E17-24CDEF3210FE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{18BD7678-F3E6-0F97-58E1-25729D99EF1B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{19A72A9E-9283-25A1-64C8-866A3A28A5F6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{19E67B9F-AA15-C7B4-F1B2-7123D9904006} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1B1DA145-B3CE-F574-FA22-F80D9CFEDEF2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1C802FC2-0FBE-6831-98C8-B57153BA99B1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1CC73956-BD3E-B7C2-91C6-AC8D12653645} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1DD3D11A-3109-1C20-8BD5-58F5241F1766} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1DE9D3C3-1F3E-3BCC-8E64-E73BCDC73BFE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1DEAC208-7D07-8540-058A-CF49D6A25C2D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1DF2044E-54E9-138A-9C50-43F180D78BEB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1E6232D0-6D88-B285-E180-CDD5A3EB81A2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1E91EDCD-5D77-5592-4D1A-99285FEF3484} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1F3C3714-CA96-D3D9-77F0-375ADE521DFA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1F5FE910-5ABC-E653-29DC-12E244065137} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1FA6740E-EFFA-5A22-3EBB-3FEAEF48F18E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1FA74F44-BE14-6F79-094E-4760D87A1B13} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{204CF7AD-DECD-3393-D1C2-CF61EC78EE41} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{21038A27-B7B7-5C1A-532D-FF4CF172CF7D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{22B4B257-69AE-8C5F-DBD2-FA0E6A98AA9E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{22E2AB09-0048-1FF5-A3E7-70536A1077C5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{24A65122-E418-D30F-9B86-0FC7CF1A477D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{24E085E6-A513-1BB9-B89C-40092BAEC3AE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{255C680E-EE44-9B93-ED72-6344AA27F1B0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{25877FBF-1323-1925-B74C-5B9440716CDF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{25901F49-AB9D-2865-1DD3-8ECE5EAAD128} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{26565460-D3FF-D0D6-C07D-1F260FA16CC8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{26F824B1-3210-2E17-0339-3763F421ECEA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{27D033EA-BD9C-D255-4074-1A53C42880AA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2ABCBCF0-8C96-2872-D4B2-E7057D74D936} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2B91E7DA-0139-CAF2-705A-DC5942CF0C87} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2C9FB350-1F61-9DFE-1F19-BA68037F1E85} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2DAA6992-F22A-144A-88BA-7AD0571824B1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2DB33C9A-486B-0088-7058-260CEBB2901E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2E6CDBB1-05CF-AC3A-EFB0-319C0875DD54} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2EDD9108-F5D8-936A-8F9A-116CB847DCC0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2FA30FBE-52D6-760C-819A-ECC0872CC2F6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2FC735CE-855B-F1B2-A6ED-CAEA0E1EA230} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3091EAAE-EA3F-5AF5-61EB-FF47DFCAB8E7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{30C16827-1FE8-9C39-95A4-CA3E7FEC6A5D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{32620F8C-DCE8-E07F-3BD4-E69AA6B34342} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{32D49AC6-E2D7-4904-D7DB-D80E36A7A1A3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3427F1C9-F259-B31A-97AA-AC97C3A2E177} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{34601DD7-1E8A-D921-D291-3E41DC92883F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{347C1703-1261-677F-2F95-8E86B36EE44A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{353955DE-0A8B-BAA1-4E05-45BA788C8A1B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{36B5C765-C685-F8E0-C22A-C7E299E5DBE3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{38991D10-CBCA-F8EF-3BAC-A55F194EE6B4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3A6D4A75-035C-3482-B127-1A32586AA762} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3C21EAED-F454-E176-15F0-6596002902B8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3C4AC4EC-FE88-B619-D551-78D33D1F43F7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3C5C4850-36D4-6572-6140-C96039A1ECF5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3D3177E3-B283-0367-5485-9DB32FC7FD05} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3DD7AE9F-F8EB-AF16-2B02-2A988BE51A9C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3F300A97-6990-3673-92B7-FCDF52055C5F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4054D236-524F-3C5F-6F45-BD878D877CD7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{40679120-E85E-36A3-1F67-C69B6C67564C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{424E3970-C42B-B0EE-5949-FE8987AD05F6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{424ECF3F-0AA2-ED97-35AB-180E7F0F8EB4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4257FD6F-CC6E-C899-A041-064CA1A2E04A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{42786F80-1824-F742-19A7-AE3363AF607E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{477DF9B4-C171-F601-74D6-D3697B4B1E8B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{49AC57E8-353B-7743-0031-4EF11F75AAF4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4A5C0B03-44B3-2F5D-257F-562F674EEA19} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4AA3BE08-9CE4-7D9F-F202-DA39AAEC5E43} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4C18C6B1-6A70-27D0-30C0-7557B18963E3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4C1A6D23-ABA7-8BFA-255F-F1EC493706F4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4C57E717-CFF7-3593-E15F-0DB069077A96} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4EEA0D22-A231-FA24-2605-CBA388EAC447} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4FBD5745-B5C3-0C90-BAD1-7677913D28A7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{50B91207-4289-28BE-FC70-4CE72F0402CB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5121C34F-9558-986B-9B86-B10A646B0ADE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{52ECF232-74FC-F601-5130-3F286CC40343} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{535C0AC4-7A9A-D625-3C05-BD827CE8A41E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{538D316B-A3A2-1200-EE47-1BEF8BCDD755} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{538EEB8F-48F3-4823-CA19-09ED9EFBD83E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{544F8ECF-7661-CF47-2FD0-EA32255B9B7C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{557DB264-B787-9FAF-B38E-5229D7E658DF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{55AC4EE7-4B4F-A677-88EE-C19AD29C7B4D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{56797143-E10D-7419-5DA8-0CA0118FB27B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{57431542-0B78-C8F5-0587-4323710F1B6B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{57C0C13E-E95C-411D-BCD9-A537E6B2AA24} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{57E6A677-F1C2-427F-A8EB-9D6D26F602D7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{58A3B91E-A75A-8511-4324-2C08241EDB1B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{58BA44D2-4E05-CF21-D46C-343B479557D8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5AA172E2-6059-7715-0AA0-87AE593D8F51} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5B264A71-ACA3-B02C-C94B-CE36D3C130D4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5BD77D9A-0FBD-7D9B-A984-E95897A73BF1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5C8F854E-7CEA-C523-244D-78543DBCC516} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5D1F9D91-369E-9436-1F3D-1D229ECB536B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5DD9363D-9344-7F98-092E-C89C21F50B8A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E401E95-F815-BE2D-118F-4939794C5869} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E8BA5AA-42CF-368F-88E1-1CDF46D25744} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5ED0322D-E61A-0915-184A-5DEFC6990411} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5FFCDEE9-901B-22A9-1E8A-80C150D6A16B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{602CDF71-C65F-C2D9-F3F1-A7464BF6D83A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{61BA9713-4C7D-321C-7CDA-2D19B793429D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{67293992-3673-B33A-B89D-CC5E1227D820} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{67B80809-7CF1-F9C2-0414-F6035AB85372} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6A75C515-CC5F-6696-8035-27DB2757E092} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6B2E69E2-80CF-0FCD-2529-005B76F6EB87} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6CA48318-B290-E202-B535-B2649B563FF3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6CC44B15-6905-EBA8-53C9-7C5E5A25BE5F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6D25C675-70D8-EC23-84B5-DA5169D62ABC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6D909587-C3B7-83AE-F036-1E663153BA5F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{710CE7D8-7CDF-35F3-6A22-9AEB843DD571} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7121259F-441E-E13B-61A6-168C5EC38A14} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{74350DCA-A542-D7B4-3901-455AF6D1F483} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{744FBCBB-B55D-0FBB-058F-6B2CF3E8A4A7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{74EE63C1-C2F6-8F52-938B-84D9F1EAC423} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{75AF0B00-D89D-D529-63DB-460FA539C3A1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{75BB4F6B-5C13-57AB-D6BE-6255AE9F8D33} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{75BC0FE9-0320-B195-F169-906263F5741D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{75C38C94-6CDD-2721-E20A-041C3BD770C1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{76F53757-9FEA-7D69-1396-53BBD24BD3EB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7715CCE6-8987-9901-2E03-84A41BA95A23} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{772B0D55-0E68-9937-8D1C-CDEC09E6A800} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{77B4CE71-F8EB-D009-07EA-8D5437684795} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{77B59253-1EC2-426E-12F5-9FF91789B58A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7A17D452-5366-FB37-2CDC-ED02830D7B54} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7AC66D02-E97D-3115-35F2-0428823161F4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7ADC69FB-D4BB-499D-B4CB-4F5E7FBE1F1A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7B30C370-FA75-1822-2540-7558BEE71EA1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7B5897CE-01D2-D7AF-61DB-36843E94F97E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7E35BA92-B311-70A1-8E0E-EE430F0CC372} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7F30F321-C739-EF24-325A-56BFA8FAA3BA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7FCAD8DF-0B29-F72D-3A4A-26C69B0EE416} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{80F9AF81-3EAC-2434-C117-26B9A88BCE7F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8197D9D4-6CA4-7CF3-8ACF-F779FCD1B906} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{84B658EB-29F0-B010-66F5-E418F9AAFDC6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{850CEB9A-AF22-5C40-8C3A-0AB13F515CF3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{869A435E-A2CA-C25A-6C7F-6172DC1B036F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{86F96D10-6C70-9565-AF19-7745B99E461D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8705901D-8680-E8CA-FBE0-7D485E343513} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{88C96295-FCAE-0B3D-8F00-3F0E0A009428} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{88F0B4E2-69B2-6CA5-7ADE-EE3BF0432FD0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8A21261B-1D1C-3E80-0116-95C04A8233EA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8B818713-3A0C-4B60-78A0-D1C38B1E7C16} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8B818F6C-9632-19DE-8680-233C397A97AD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8C97901F-C265-0C0E-4AC6-66EC3DC64B4E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8D2942C0-2035-7625-E8F8-2E5B50597B92} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8DD0E093-F203-A226-34B6-803644787EFF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8E0CFF9A-9D92-AC99-FA0C-7E94D6A0CF0D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8F6BBF73-238E-F740-3C8E-35F4A99E10D8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{91DDF694-E89B-DFA7-5A22-4CF7BB27F1B8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9330FA17-207B-8C8A-8A1A-7D04ECCE10CC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{933D30C5-9078-8EAC-2095-31F02FC90427} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{94CABCE6-9B61-8B2A-60F8-442B3E29E73B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{979130FE-70C0-35E6-DFA3-4D4D55876849} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{97E5C8C2-A677-8AF0-992D-76300B4C0DD6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9819E734-ABC7-8536-E943-A461C8EBAC8C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{98211CC6-07C7-122B-026F-9791038EBAB1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9909396E-A25C-7E2A-352D-32FB283C4EEB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9A680459-4010-FA2E-EC15-175ADE2D5377} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9AE8676B-FF71-6D02-4787-3721FF3B52A6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9B0F7030-AF9E-455A-F0F3-B9E15FD227AE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9B1A2625-49C3-7881-A453-1C2B2E4282F9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9B29D802-7874-33C4-8499-151A3683ADD2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9CC24F8C-C090-F78B-2849-1C3653933660} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9ED8F3B4-54EF-916F-F314-9E0AA1CBAA46} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9F1DF47B-EB7B-6789-0D82-E2A50C229205} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A12F8C71-8266-116B-4118-FD5124D815E9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A1366D01-84C0-2558-F68D-17874321A0CE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A1C91D26-6BFE-9DA5-0C53-AC5009FD3DC6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A228710E-2CE8-F8F6-81BD-7CC3A16C63D0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A27CDECD-100E-4D81-C7F0-7E2D9F1C3BE0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A2D58F5F-FDD4-A3C2-E881-7146EE2CC672} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A3D347B5-8D22-1E55-4D3E-C94C91F76762} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A50865E4-41F3-A6FC-9B1B-A396EC13BEFB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A7595DD0-954D-787A-73FC-769C95DF9F01} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8A6D469-369F-3458-9CB6-13F81431144C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8D08A14-55CC-81EB-BF8B-F83DC9F8EC18} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A96C5AC5-3757-499C-81C5-9CE344BBEFEC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AA5122C2-9CC4-CAB5-D846-92AD1A79589B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ABB2630D-61F6-BCAF-850C-D9085124F78C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ABE2DA2C-85E3-CA0C-79FC-63F0410FA2E0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AC152C0C-381B-A230-6B29-1A23741F4A9A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AC50F23D-F99D-EE5A-71F2-ABCB913DE13A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AC5FBA74-3B09-DD85-9101-E3BA6AA5F315} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AC66039A-44B4-0E4D-E13B-CB89AA76166A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ACBA3A3A-36D8-85F0-BD24-C1698545899F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ADCDEB91-0598-F6B4-C015-DD1DF78A7639} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AE721233-0FEA-4847-4C92-FDF523518F56} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AF5F0291-9DCD-6129-BACC-2E13E716BC71} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AF5FDECD-1ED9-A1EC-D3B8-8211759346FD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B255CF17-988E-8993-4B11-EE0312E09D84} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B4D22ABC-3E31-6C0E-3927-DA54258D30DD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B5C669AE-EA19-B1C5-01F0-6512716B3157} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B64CDD57-7D96-5C6B-FBD6-F71DA48862A9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B6F39436-B55A-8D4D-6E92-1B81D55EBAEF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B790743D-68F0-283C-84D9-C4283C242C14} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B7B878BD-A926-D6ED-AE35-ADEE91D3109D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B877A895-E66D-9B51-2A5E-B2821E0C16B0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B878818F-2279-A2FE-62AA-5B8166B041ED} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B9D8F3ED-1174-822B-0E20-AC75935EF98A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BC16830F-15E4-B4E2-9CB7-2F1F8290291C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BE2B01AC-C74F-FE86-69B1-C961A25C369C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BF1DF99D-6BD4-9618-1150-AB8EA227AC2B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BF8C66F5-1A2F-25AD-C2FA-D06309B1DD27} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BFD31A50-347C-461D-D47A-686D4852C0B1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0C47BA7-3AAA-10E3-3AED-070DDAD18C68} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0D6E167-F604-CDF7-7A32-C71266D013DD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0E427E7-172F-33A0-D910-8BF6CF786822} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C15F2371-A742-8BA9-7A00-54C987BB597F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C25DEE89-8CBA-D734-B7F0-2039B6065737} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C46F610F-69B8-0E43-0278-24EDA37E1513} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C4D260B4-E413-A143-55E3-1DD630C18DD1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C649E716-3432-9ED8-A74F-7B789784477D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C726D36D-9BDF-0383-F849-161DD3B7B85F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C77119AD-B010-7430-67AD-6E3A4C0E744C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C875F177-8D58-138B-0691-2EFDEAC8E0AB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C936E078-AF90-6FBC-5868-5DBE20436E47} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C94F2EE8-3174-6518-7215-F26EDE3A2130} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CBCBACBA-B5C6-0928-434A-CE4EEBE36A38} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CC15449D-564B-BFBD-010F-5C0D90856CC3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CDF81721-038E-C0DA-5870-A3CF1EBA96B9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CEAF915F-9569-B828-05C8-89CE7AC8D2B6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CEEC69B5-0380-F78A-088D-A205E618F50B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CF3F3E61-9595-B4D3-EC0A-2911D33AF9CA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CF550B9D-3735-B065-B10F-6FBED6C70DA4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D0F03457-32E5-5715-6CDD-72C94F05ABBE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D2B7BAA3-33AD-6C59-40FC-FCC46F8F765E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D2C0B816-9CAB-4B57-F1BE-E489A7313EA8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D2C22B7F-8DD3-0C16-DA5B-AF1BC159FCC4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D30E66BC-5959-629E-617E-21F47716C337} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D321DC4E-C5C1-733A-6B36-D1F22AA3BC87} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D352E086-4102-D235-8A51-A66EB227E8CA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D6C341F6-6A72-BA75-4844-5F1A7649C3EC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D6F7942A-2903-FD22-A0E5-7716B284A428} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D7AC65FF-C9B6-66D9-0935-85FAF279CD1E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D8F5208D-1C62-D1EA-50E4-3BAB8F309D7A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DA5DBC97-A7E1-478B-B55A-267B4B54F8EA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DBD3F02E-11A4-02EE-B06F-9E0E988D0090} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DBF9F02E-3228-CEAC-5B78-70AE0D8E8BEE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DD27625A-DB28-F315-0405-729F194BD480} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DD2786BE-3BE2-FC80-F475-561735175B9A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DD55C19C-D822-880A-0874-6BF6A5E1DA20} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DEF96F22-09FE-A03B-064A-02E148E88A17} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DFC62350-1E0B-BBD2-4CDB-757B623F0FD4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E29CD8F5-8770-88FC-7869-830FD4AAE7E4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E2E2B119-D1A3-9315-CE56-02822929B0FA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E2F0712F-9E43-CF54-86D0-C0E27572FBE1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E367875D-9ADF-EE62-EABB-EB82124F8315} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E565738F-00B5-BD54-344E-CE29CDEF3F6F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E66033D3-0B56-750C-2254-9C91038A086C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E69D821E-A0D8-880B-A771-4CEAE70AC39A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E738C6A5-3A2F-F02D-4D80-960CA934569F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E7E1386A-12D3-8E93-955B-0A8C7D74C8E0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E86C7D81-082E-CE87-01F2-F6A5456A5DD4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E89B84AA-277A-8BE4-4FED-6F8144C175E5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EB63E320-5E1D-A1CC-878B-832365F1D0E3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EB9D49EC-FBD4-F316-F1CC-39564BD3E5B7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ECCFC5E3-D622-3E69-7884-827C0967AE85} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ED76F3B6-4551-44D7-6C98-2DE3A15D8E95} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ED81D60C-C426-844A-2785-263DC930B5C4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EDA6D516-33B7-258C-7426-9D5699E6B02B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EDCB31B0-4821-FE62-875A-52D24E43E8CB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EFBC894E-C716-CF6F-30F0-1F1AE60E2401} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F11B9E4D-B77C-5AF4-6B2F-2B125404061A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F33B84B4-9B35-0407-3C12-7ABB0397E43F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F450941B-4277-1BB9-EB92-03745591F3DC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F4D7791F-ADA5-B851-33CA-06EB8529CE7E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F61E8B04-2EF0-7873-877A-5D1E89822A7E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F675DBF0-254F-4477-D7AB-E5B54EB51227} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F97EA0D8-DEB8-B23F-8A5E-6D4D68BB5BB7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F97F2532-4324-0DA9-21C3-64C1650A6515} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FBC1B2FF-838B-6257-27F0-2FD318F49B54} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FBC963C0-47A1-07C0-004E-D8258BEE3766} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FBD81A45-7D6E-CF78-2720-BF05C51B1F0E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FCBFF6A4-6C0F-E57F-4DCD-3DECF316CA20} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FD350929-ABF9-B29E-4912-9CF55B4CB92A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FEDBC933-9884-74C8-1988-83E8B42CE43F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FEE3991F-A9A9-FEB5-A46D-D1B381BB004A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A084A565-B09B-4E4C-A497-7CC50AEAB2A7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A084A565-B09B-4E4C-A497-7CC50AEAB2A7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-527237240-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{603960DA-2A41-E212-F1A7-5E1DBE5E69D6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-527237240-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9070C2D6-B9E2-D48F-43DC-CF2B92C210CC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-527237240-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A084A565-B09B-4E4C-A497-7CC50AEAB2A7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110731.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110723.exe -> Adware.KillAndClean : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110735.inf -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Verizon Online\SFP\vzbb.dll -> Adware.MegaSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110704.exe -> Adware.Msnagent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\a95kfrhe.ini -> Adware.Sahat : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110581.exe -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110582.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110583.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110584.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110585.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110738.exe -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110690.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110699.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\719A0601-320F-410C-A84E-2F2B01\AE3F19F3-B591-4A91-9857-EC98C4 -> Adware.WareOut : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP198\A0113930.dll -> Backdoor.Padodor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP198\A0113943.exe -> Backdoor.Padodor.ax : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP182\A0097316.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP182\A0097342.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP182\A0097366.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP189\A0098839.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP190\A0101955.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP191\A0102088.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP195\A0108363.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP196\A0110556.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8530D718-CF9A-4D7B-A34F-6F0BA1522F67}\RP197\A0110599.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\AuthMgr.INI:fejam -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Coffee Bean.bmp:mqosc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\DirectX.log:cjzuu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\DtcInstall.log:indjf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Gone Fishing.bmp:zeadm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Greenstone.bmp:lszsp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Greenstone.bmp:vhzqw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\IfoEdit.INI:powli -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB824105.log:kmwra -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB824105.log:zjytz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB824141.log:xcrsl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB824146.log:fxrhc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB825119.log:eqnyj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB828741.log:ywlqv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB833987.log:ponoh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB835732.log:ljzax -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840315.log:ftchu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840315.log:thdrk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB841873.log:pbdlz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB842773.log:hklgo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Model.txt:xjkih -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\NeroDigital.ini:qofht -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBCINST.INI:alrvt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBCINST.INI:ixsvb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBCINST.INI:xejuq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\OEWABLog.txt:pdesm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\PI4_setup.ini:payst -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Prairie Wind.bmp:tzqpa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q819696.log:yvhew -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\REGULOCS.OLD:wwpgi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\River Sumida.bmp:byimi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SCENARIO1.INI:etnfj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM.INI:nqrem -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM.INI:ooamw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM.INI:wvjtw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SchedLgU.Txt:dqztk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Soap Bubbles.bmp:smtvz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Umr.html:jiloc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Umr.html:zlhba -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Windows Update.log:admpq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Zapotec.bmp:bhwdi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:akpms -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:atdlc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:aywpp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:ayxlm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:azuha -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:azvfu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:brbnc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:bvjel -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:bwcks -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:byoak -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:cbmja -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:ciill -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:cqccv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:dfecv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:dgbzp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:dhxxi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:esjtp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:fkojs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:fqcmvb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:gqcbn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:gsmrs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:gugke -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:gyzpe -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:hajhp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:hbtto -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:hhdxb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:hhvbs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:hmtgo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:ibfpnt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:ifnpx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:ignad -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\azwdv.log:hfcfh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\bxesa.log:bzjbz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cdplayer.ini:ziyls -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cjlnn.log:butgq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cjlnn.log:kcdet -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cjlnn.log:rayzh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cjlnn.log:zbhpp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cmsetacl.log:ipocu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cpnkq.log:pljte -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cpnkq.log:rhtwr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cuyts.txt:anyuw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cyjqx.dat:mtqqn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\desktop.ini:udqzq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\dlwhu.log:hazdz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ekjby.txt:gkoae -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ekjby.txt:orzto -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\encore_launcher.ini:yykdn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\enofv.dat:jdevz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\enofv.dat:jhtjj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\epfkt.txt:lmgoy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\explorer.scf:paakr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\eypmt.dat:aeveh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\faehv.log:siqqa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fojrw.log:ebezw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fswao.log:zrvga -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fxaff.dat:kmrnl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gimiz.dat:hssey -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gimiz.dat:ocaqb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gjbxu.txt:acxel -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gjbxu.txt:cejpr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hkqxm.txt:iysqk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hsquv.dat:kxobq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iPlayer.INI:euqjy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iPlayer.INI:nyuku -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iasqq.txt:llatw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jautoexp.dat:xossc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jfrml.txt:uwxju -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jtnva.dat:feyla -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jtnva.dat:rawas -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jxjsy.log:bolql -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ldnat.txt:kuhcp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lusqj.log:frelr -> Downloader.Agent.bc : Cleaned with

[chewman]

Machine runs alot quicker, THANKS!

One thing I noticed is that the mouse scroll wheel is dead.  Any help on that?

[NaCoTiX]

[quote name=\'chewman\' post=\'290842\' date=\'Feb 22 2007, 01:20 PM\']Machine runs alot quicker, THANKS!

One thing I noticed is that the mouse scroll wheel is dead.  Any help on that?[/quote]New mouse.

[chewman]

GUESTOLO:
If you get a change, could you give the logs a quik look?