ArchiveData(auto-quarantine- 2007-06-16 13-55-16.bckp) Referencefile : SE1R174 04.06.2007 ====================================================== ADWARE.WEBBUYING »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[0]=Process : C:\Program Files\Web Buying\v1.6.8\webbuying.exe obj[4]=Regkey : appid\{4886e1bd-560b-4d75-ad85-d66cce2ddf53} obj[5]=Regkey : clsid\{c318cd44-e327-4377-a28e-6ec16a921ae8} obj[6]=RegValue : clsid\{c318cd44-e327-4377-a28e-6ec16a921ae8} "AppID" obj[7]=Regkey : interface\{15ceb2d5-4e8f-4b18-b335-34a5995db3e8} obj[8]=Regkey : interface\{839df29d-6993-475a-9411-b2da1b9819b6} obj[9]=Regkey : typelib\{20e65ac6-c457-484d-b386-ad2db3753865} obj[28]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{c318cd44-e327-4377-a28e-6ec16a921ae8} obj[68]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "WebBuying" obj[136]=Regkey : appid\popengine.dll obj[137]=Regkey : plugin.plugin obj[138]=Regkey : plugin.plugin.1 obj[139]=Regkey : software\webbuying obj[140]=RegValue : software\webbuying "cid" obj[141]=RegValue : software\webbuying "eu" obj[142]=RegValue : software\webbuying "wb" obj[143]=RegValue : software\webbuying "dchp" obj[144]=RegValue : software\webbuying "dcfg" obj[145]=RegValue : software\webbuying "cc" obj[146]=RegValue : software\webbuying "ses" obj[147]=RegValue : software\webbuying "cps" obj[148]=RegValue : software\webbuying "fcpti" obj[149]=RegValue : software\webbuying "pct" obj[150]=RegValue : software\webbuying "pcnt" obj[151]=RegValue : software\webbuying "dd" obj[152]=RegValue : software\webbuying "fpnt" obj[153]=RegValue : software\webbuying "lpnt" obj[154]=RegValue : software\webbuying "fpt" obj[155]=RegValue : software\webbuying "lpt" obj[156]=Regkey : software\microsoft\windows\currentversion\uninstall\webbuying obj[157]=RegValue : software\microsoft\windows\currentversion\uninstall\webbuying "UninstallString" obj[158]=Folder : C:\Program Files\Web Buying obj[242]=File : c:\program files\web buying\v1.6.8\webbuying.exe obj[256]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP184\A0042797.exe WIN32.TROJAN.KOLWEB »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[1]=Process : C:\WINDOWS\system32\drivere.dll obj[21]=Regkey : clsid\{de0b3210-b828-475b-96f0-6796fe533e46} obj[46]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{de0b3210-b828-475b-96f0-6796fe533e46} obj[361]=File : C:\WINDOWS\system32\drivere.dll BOOKEDSPACE »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[2]=Process : C:\WINDOWS\cfg32.exe obj[10]=Regkey : appid\{90a52f08-64ac-4dc6-9d7d-451667029898} obj[11]=Regkey : clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f59898} obj[12]=RegValue : clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f59898} "AppID" obj[13]=Regkey : scaggy.insert.1 obj[14]=Regkey : typelib\{90a52f08-64ac-4dc6-9d7d-451667029898} obj[15]=Regkey : appid\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3} obj[16]=Regkey : interface\{41e74c20-8bbd-4b15-8c24-95bac7b3bac1} obj[36]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{c68ae9c0-0909-4ddc-b661-c1afb9f59898} obj[55]=Regkey : CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C} obj[56]=Regkey : CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA} obj[57]=RegValue : CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA} "AppID" obj[60]=Regkey : TYPELIB\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3} obj[61]=Regkey : TYPELIB\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9} obj[62]=Regkey : CFG32S.Search obj[63]=Regkey : CFG32S.Search.1 obj[64]=Regkey : KBBar.KBBarBand obj[65]=Regkey : KBBar.KBBarBand.1 obj[66]=Regkey : Scaggy.Insert obj[67]=RegValue : SOFTWARE\Microsoft\Internet Explorer\Toolbar "{669695BC-A811-4A9D-8CDF-BA8C795F261C}" obj[70]=Regkey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7564B020-44E8-4c9b-A887-C6EC41AC67DA} obj[159]=Regkey : appid\scaggy.dll obj[160]=Regkey : interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee} obj[161]=Regkey : interface\{6c51f7e9-8542-4f25-a30f-2060157752e1} obj[162]=Regkey : appid\cfg32s.dll obj[163]=Regkey : software\cfg32 obj[164]=Regkey : software\zabstract obj[165]=RegValue : software\zabstract "App1" obj[166]=RegValue : software\zabstract "App3" obj[167]=RegValue : software\zabstract "App4" obj[168]=RegValue : software\zabstract "App5" obj[169]=RegValue : software\zabstract "Version" obj[170]=RegValue : software\zabstract "BundleID" obj[171]=RegValue : software\zabstract "Parent" obj[172]=RegValue : software\zabstract "App2" obj[173]=RegValue : software\zabstract "CList" obj[174]=RegValue : software\zabstract "ThreadURL" obj[175]=RegValue : software\zabstract "ThreadAdUrl" obj[176]=RegValue : software\zabstract "ThreadWidth" obj[177]=RegValue : software\zabstract "ThreadHeight" obj[178]=RegValue : software\zabstract "ThreadType" obj[179]=RegValue : software\zabstract "ThreadPageDelay" obj[239]=File : c:\windows\cfg32s.dll obj[240]=File : c:\windows\cfg32r.dll obj[355]=File : C:\WINDOWS\cfg32o.dll obj[359]=File : C:\WINDOWS\stub_mma2.exe ADWARE.DOLLARREVENUE »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[3]=Regkey : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e} obj[180]=Regkey : software\effective-i obj[181]=Regkey : software\maxthon STARWARE TOOLBAR »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[17]=Regkey : interface\{1758b8dd-8ece-435f-9036-b0554a784b1d} obj[18]=Regkey : interface\{e11bf42b-035d-4cc2-ab08-b040994e81f4} obj[19]=Regkey : interface\{ef242ebd-5dab-4f5c-8dee-2eea4fa056cd} obj[20]=Regkey : typelib\{d3253271-7537-4074-8c0c-271b64154805} obj[182]=Regkey : software\microsoft\windows\currentversion\uninstall\sssinst obj[183]=RegValue : software\microsoft\windows\currentversion\uninstall\sssinst "UninstallString" obj[184]=RegValue : software\microsoft\windows\currentversion\uninstall\sssinst "DisplayIcon" obj[185]=RegData : software\microsoft\internet explorer\main "Use Search Asst" WIN32.TROJANCLICKER »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[22]=Regkey : clsid\{54645654-2225-4455-44a1-9f4543d34546} WIN32.TROJANDOWNLOADER.MURLO »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[23]=Regkey : appid\{36645342-9475-2663-166a-466739207346} obj[24]=Regkey : clsid\{36645342-9475-2663-166a-466739207346} WINANTIVIRUSPRO »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[25]=Regkey : clsid\{bba0c39a-46d8-436d-bf53-6fb84997bc6e} obj[26]=Regkey : clsid\{f93c5bff-16f9-4dc5-b78c-ec46f896ee56} obj[73]=Regkey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f93c5bff-16f9-4dc5-b78c-ec46f896ee56} obj[186]=Regkey : software\microsoft\windows\currentversion\uninstall\install provider obj[187]=RegValue : software\microsoft\windows\currentversion\uninstall\install provider "UninstallString" obj[188]=RegValue : software\microsoft\windows\currentversion\uninstall\install provider "Path" obj[189]=Regkey : software\winantivirus pro 2007 obj[190]=Folder : C:\Program Files\Install Provider obj[191]=Folder : C:\Documents and Settings\User\Start Menu\Programs\Install Provider obj[356]=File : C:\WINDOWS\Downloaded Program Files\MiniInstaller.exe obj[370]=File : C:\WINDOWS\System32\atl71.dll UCMORE »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[27]=Regkey : S-1-5-21-1482476501-1343024091-1957994488-1004\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e} obj[37]=Regkey : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator obj[38]=RegValue : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator "UninstallString" obj[39]=RegValue : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator "DisplayVersion" obj[40]=RegValue : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator "HelpLink" obj[41]=RegValue : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator "Publisher" obj[42]=RegValue : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator "URLInfoAbout" obj[43]=RegValue : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator "Contact" obj[44]=RegValue : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator "Comments" obj[45]=RegValue : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator "DisplayIcon" obj[51]=RegValue : S-1-5-21-1482476501-1343024091-1957994488-1004\software\microsoft\internet explorer\toolbar "{44BE0690-5429-47f0-85BB-3FFD8020233E}" obj[52]=RegValue : S-1-5-21-1482476501-1343024091-1957994488-1004\software\microsoft\internet explorer\toolbar\webbrowser "{44BE0690-5429-47F0-85BB-3FFD8020233E}" obj[53]=RegValue : software\microsoft\internet explorer\toolbar "{44BE0690-5429-47f0-85BB-3FFD8020233E}" obj[192]=Regkey : software\effective-i obj[193]=Folder : C:\Documents and Settings\User\Start Menu\Programs\UCmore - The Search Accelerator obj[194]=Folder : C:\Program Files\TheSearchAccelerator obj[254]=File : C:\Program Files\TheSearchAccelerator\IUCmore.dll obj[255]=File : C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll obj[371]=File : C:\Documents and Settings\User\Start Menu\Programs\ucmore - the search accelerator\How To Uninstall.lnk obj[372]=File : C:\Documents and Settings\User\Start Menu\Programs\ucmore - the search accelerator\UCmore - The Search Accelerator.lnk obj[373]=File : C:\Documents and Settings\User\Start Menu\Programs\ucmore - the search accelerator\UCmore Tour.lnk obj[374]=File : C:\Program Files\thesearchaccelerator\INSTALL.LOG obj[375]=File : C:\Program Files\thesearchaccelerator\logo.ico obj[376]=File : C:\Program Files\thesearchaccelerator\toolbar.cfg obj[377]=File : C:\Program Files\thesearchaccelerator\UNWISE.EXE ALEXA »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[29]=Regkey : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} obj[30]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuStatusBar" obj[31]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Script" obj[32]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "clsid" obj[33]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Icon" obj[34]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "HotIcon" obj[35]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "ButtonText" obj[48]=RegValue : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" obj[49]=RegValue : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" obj[50]=RegValue : S-1-5-21-1482476501-1343024091-1957994488-1004\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" WIN32.TROJANSPY.BZUB »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[47]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{36645342-9475-2663-166a-466739207346} obj[195]=RegValue : software\microsoft\windows\currentversion\control panel\load1 "cmpid" obj[362]=File : C:\WINDOWS\system32\ipv6mops.dll obj[368]=File : C:\WINDOWS\system32\xdkunaaa.exe WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[54]=RegData : S-1-5-21-1482476501-1343024091-1957994488-1004\software\microsoft\windows\currentversion\policies\system "DisableTaskMgr" ADWARE.Z-QUEST »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[58]=Regkey : CLSID\{8885566D-D258-48AA-844D-FF8F767833E1} obj[59]=Regkey : CLSID\{9743E1C4-D036-420F-B2E1-231908D33753} obj[71]=Regkey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8885566D-D258-48AA-844D-FF8F767833E1} obj[72]=Regkey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9743E1C4-D036-420F-B2E1-231908D33753} obj[241]=File : c:\program files\common files\meno.dll obj[247]=File : C:\Program Files\Common Files\TTC.dll obj[257]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP184\A0042798.dll obj[258]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP184\A0042831.dll obj[259]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP184\A0042864.dll obj[260]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP184\A0042892.dll obj[261]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP184\A0042929.dll obj[262]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP184\A0042999.dll obj[263]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP184\snapshot\MFEX-1.DAT obj[264]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP185\A0043234.dll obj[265]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP185\snapshot\MFEX-1.DAT obj[266]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP186\A0043265.dll obj[267]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP186\A0043302.dll obj[268]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP186\A0043333.dll obj[269]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP186\A0043345.dll obj[270]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP186\snapshot\MFEX-1.DAT obj[271]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP187\A0043377.dll obj[272]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP187\snapshot\MFEX-1.DAT obj[273]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP188\A0043408.dll obj[274]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP188\snapshot\MFEX-1.DAT obj[275]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP189\A0044408.dll obj[276]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP189\A0045408.dll obj[277]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP189\A0045439.dll obj[278]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP189\snapshot\MFEX-1.DAT obj[279]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP190\A0045470.dll obj[280]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP190\A0045499.dll obj[281]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP190\A0045528.dll obj[282]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP190\A0045542.dll obj[283]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP190\A0045573.dll obj[284]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP190\snapshot\MFEX-1.DAT obj[285]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP191\A0045588.dll obj[286]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP191\A0045600.dll obj[287]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP191\A0045611.dll obj[288]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\A0045720.dll obj[289]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\A0045752.dll obj[290]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\A0045823.dll obj[291]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\A0045833.dll obj[292]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\A0045873.dll obj[293]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\A0045904.dll obj[294]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\A0045933.dll obj[295]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\A0045949.dll obj[296]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\A0046949.dll obj[297]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\A0047949.dll obj[298]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\A0047979.dll obj[299]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\A0048007.dll obj[300]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP192\snapshot\MFEX-1.DAT obj[301]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP193\A0048037.dll obj[302]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP193\snapshot\MFEX-1.DAT obj[303]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP194\A0049037.dll obj[304]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP194\A0049069.dll obj[305]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP194\A0049101.dll obj[306]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP194\A0050101.dll obj[307]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP194\A0051101.dll obj[308]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP194\A0051112.dll obj[309]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP194\A0051143.dll obj[310]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP194\snapshot\MFEX-1.DAT obj[311]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP195\A0052143.dll obj[312]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP195\A0053143.dll obj[315]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP195\A0053184.dll obj[316]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP195\snapshot\MFEX-1.DAT obj[317]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP196\A0054184.dll obj[318]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP196\A0056251.dll obj[319]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP196\snapshot\MFEX-1.DAT obj[320]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP197\A0057251.dll obj[321]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP197\A0057282.dll obj[322]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP197\A0057313.dll obj[323]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP197\A0057351.dll obj[324]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP197\A0058351.dll obj[325]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP197\snapshot\MFEX-1.DAT obj[326]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP198\A0060367.dll obj[327]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP198\A0060405.dll obj[328]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP198\snapshot\MFEX-1.DAT obj[329]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP199\A0060469.dll obj[330]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP199\A0060505.dll obj[331]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP199\A0060541.dll obj[332]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP199\A0060678.dll obj[333]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP199\snapshot\MFEX-1.DAT obj[334]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP200\A0061678.dll obj[335]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP200\A0061732.dll obj[336]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP200\snapshot\MFEX-1.DAT obj[337]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP201\A0061786.dll obj[338]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP201\A0061954.dll obj[339]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP201\snapshot\MFEX-1.DAT obj[357]=File : C:\WINDOWS\qwr67.exe obj[369]=File : C:\WINDOWS\VTTC.exe WIN32.TROJANDOWNLOADER.AGENT »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[69]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "runner1" obj[196]=Regkey : software\ipwins obj[243]=File : c:\windows\retadpu1000106.exe obj[358]=File : C:\WINDOWS\retadpu2000219.exe obj[378]=File : C:\WINDOWS\wr.txt obj[379]=File : c:\windows\system32\rpcc.exe TRACKING COOKIE »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[74]=IECache Entry : Cookie:user@statcounter.com/ obj[75]=IECache Entry : Cookie:user@hc2.humanclick.com/ obj[76]=IECache Entry : Cookie:user@ads.addynamix.com/ obj[77]=IECache Entry : Cookie:user@serving-sys.com/ obj[78]=IECache Entry : Cookie:user@4.adbrite.com/ obj[79]=IECache Entry : Cookie:user@adbrite.com/ obj[80]=IECache Entry : Cookie:user@www.burstnet.com/ obj[81]=IECache Entry : Cookie:user@adserver.softwareonline.com/ obj[82]=IECache Entry : Cookie:user@ad.yieldmanager.com/ obj[83]=IECache Entry : Cookie:user@ehg-pcsecurityshield.hitbox.com/ obj[84]=IECache Entry : Cookie:user@keywordmax.com/ obj[85]=IECache Entry : Cookie:user@tribalfusion.com/ obj[86]=IECache Entry : Cookie:user@stats1.reliablestats.com/ obj[87]=IECache Entry : Cookie:user@kontera.com/ obj[88]=IECache Entry : Cookie:user@questionmarket.com/ obj[89]=IECache Entry : Cookie:user@real.com/ obj[90]=IECache Entry : Cookie:user@casalemedia.com/ obj[91]=IECache Entry : Cookie:user@atdmt.com/ obj[92]=IECache Entry : Cookie:user@netster.com/ obj[93]=IECache Entry : Cookie:user@realmedia.com/ obj[94]=IECache Entry : Cookie:user@data.coremetrics.com/ obj[95]=IECache Entry : Cookie:user@goclick.com/ obj[96]=IECache Entry : Cookie:user@heavycom.122.2o7.net/ obj[97]=IECache Entry : Cookie:user@findwhat.com/ obj[98]=IECache Entry : Cookie:user@tacoda.net/ obj[99]=IECache Entry : Cookie:user@indexstats.com/ obj[100]=IECache Entry : Cookie:user@bs.serving-sys.com/ obj[101]=IECache Entry : Cookie:user@~~local~~/ obj[102]=IECache Entry : Cookie:user@zedo.com/ obj[103]=IECache Entry : Cookie:user@doubleclick.net/ obj[104]=IECache Entry : Cookie:user@mediaplex.com/ obj[105]=IECache Entry : Cookie:user@searchportal.information.com/ obj[106]=IECache Entry : Cookie:user@hitbox.com/ obj[107]=IECache Entry : Cookie:user@advertising.com/ obj[108]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@2o7[2].txt obj[109]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@ad.yieldmanager[1].txt obj[110]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@adlegend[1].txt obj[111]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@ads.addynamix[2].txt obj[112]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@advertising[1].txt obj[113]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@as-us.falkag[2].txt obj[114]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@atdmt[1].txt obj[115]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@bilbo.counted[2].txt obj[116]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@casalemedia[2].txt obj[117]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@centrport[1].txt obj[118]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@clkhype.adbureau[1].txt obj[119]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@doubleclick[1].txt obj[120]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@fastclick[2].txt obj[121]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@maxserving[2].txt obj[122]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@mediaplex[1].txt obj[123]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@perf.overture[1].txt obj[124]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@pro-market[1].txt obj[125]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@realmedia[2].txt obj[126]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@revenue[1].txt obj[127]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@servedby.advertising[2].txt obj[128]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@targetnet[2].txt obj[129]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@tickle[1].txt obj[130]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@tradedoubler[1].txt obj[131]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@trafficmp[2].txt obj[132]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@tripod[1].txt obj[133]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@valuead[1].txt obj[134]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@www.directnetadvertising[2].txt obj[135]=IECache Entry : C:\Documents and Settings\Red McHugh\Cookies\red mchugh@z1.adserver[1].txt IBIS TOOLBAR »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[197]=Regkey : software\microsoft\mediaplayer\control\playbar obj[198]=RegValue : software\microsoft\mediaplayer\control\playbar "ClrHighlight" obj[199]=RegValue : software\microsoft\mediaplayer\control\playbar "ClrForeColor" obj[200]=RegValue : software\microsoft\mediaplayer\control\playbar "ClrBackColor" obj[201]=RegValue : software\microsoft\mediaplayer\control\playbar "ClrDownload" obj[202]=RegValue : software\microsoft\mediaplayer\control\playbar "ClrViewed" obj[203]=RegValue : software\microsoft\mediaplayer\control\playbar "ClrStatic" obj[204]=Regkey : software\northcode inc obj[205]=RegValue : software\microsoft\internet explorer\main "AutoSearch" obj[206]=RegData : software\microsoft\internet explorer\main "Use Search Asst" obj[207]=Folder : C:\Program Files\Common Files\WinTools obj[244]=File : C:\Documents and Settings\Red McHugh\Local Settings\Temp\IExploreSkins.exe obj[245]=File : C:\Documents and Settings\Red McHugh\Local Settings\Temp\temp.cab obj[246]=File : C:\Documents and Settings\Red McHugh\Local Settings\Temporary Internet Files\Content.IE5\01234567\toolbar3[1].cab obj[248]=File : C:\Program Files\Common Files\WinTools\WSup.exe obj[249]=File : C:\Program Files\Common Files\WinTools\WToolsA.exe obj[250]=File : C:\Program Files\Common Files\WinTools\WToolsB.dll obj[251]=File : C:\Program Files\Common Files\WinTools\WToolsD.cfg obj[252]=File : C:\Program Files\Common Files\WinTools\WToolsS.exe obj[340]=File : C:\System Volume Information\_restore{CC585D01-9D5F-46B8-A082-B9789F833DB5}\RP68\A0006354.exe obj[341]=File : C:\System Volume Information\_restore{CC585D01-9D5F-46B8-A082-B9789F833DB5}\RP68\A0006381.exe obj[342]=File : C:\System Volume Information\_restore{CC585D01-9D5F-46B8-A082-B9789F833DB5}\RP68\A0006382.exe obj[343]=File : C:\System Volume Information\_restore{CC585D01-9D5F-46B8-A082-B9789F833DB5}\RP68\A0006383.exe obj[344]=File : C:\System Volume Information\_restore{CC585D01-9D5F-46B8-A082-B9789F833DB5}\RP68\A0006384.dll obj[347]=File : C:\System Volume Information\_restore{CC585D01-9D5F-46B8-A082-B9789F833DB5}\RP69\A0007355.exe obj[348]=File : C:\System Volume Information\_restore{CC585D01-9D5F-46B8-A082-B9789F833DB5}\RP72\A0008423.exe obj[350]=File : C:\System Volume Information\_restore{CC585D01-9D5F-46B8-A082-B9789F833DB5}\RP87\A0011593.exe obj[380]=File : C:\Program Files\Common Files\wintools\rmhgxlmu.wzg obj[381]=File : C:\Program Files\Common Files\wintools\WToolsC.cfg obj[382]=File : C:\Program Files\Common Files\wintools\WToolsP.cfg obj[383]=File : C:\Program Files\Common Files\wintools\WToolsR.cfg obj[384]=File : C:\Program Files\Common Files\wintools\WToolsU.cfg WIN32.TROJAN.AGENT »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[208]=Regkey : system\controlset001\services\example obj[209]=RegValue : system\controlset001\services\example "Type" obj[210]=RegValue : system\controlset001\services\example "ErrorControl" obj[211]=RegValue : system\controlset001\services\example "ImagePath" obj[212]=Regkey : system\currentcontrolset\services\example obj[213]=RegValue : system\currentcontrolset\services\example "Type" obj[214]=RegValue : system\currentcontrolset\services\example "ErrorControl" obj[215]=RegValue : system\currentcontrolset\services\example "ImagePath" obj[313]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP195\A0053179.exe ADWARE.ADMEDIA »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[216]=Folder : C:\Program Files\Internet Optimizer obj[345]=File : C:\System Volume Information\_restore{CC585D01-9D5F-46B8-A082-B9789F833DB5}\RP69\A0006424.dll SOFTOMATE TOOLBAR »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[217]=Regkey : software\besttoolbars obj[218]=RegValue : software\microsoft\windows\currentversion\run "configuration manager" obj[354]=File : C:\WINDOWS\b122.exe WIN32.TROJANDROPPER »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[220]=Regkey : system\controlset001\services\runtime obj[221]=RegValue : system\controlset001\services\runtime "Type" obj[222]=RegValue : system\controlset001\services\runtime "Start" obj[224]=Regkey : system\currentcontrolset\services\runtime obj[225]=RegValue : system\currentcontrolset\services\runtime "Type" obj[226]=RegValue : system\currentcontrolset\services\runtime "Start" obj[228]=Regkey : system\controlset001\services\core obj[229]=RegValue : system\controlset001\services\core "Start" obj[230]=RegValue : system\controlset001\services\core "ErrorControl" obj[231]=RegValue : system\controlset001\services\core "abcdefg" obj[232]=RegValue : system\controlset001\services\core "ImagePath" obj[234]=Regkey : system\currentcontrolset\services\core obj[235]=RegValue : system\currentcontrolset\services\core "Start" obj[236]=RegValue : system\currentcontrolset\services\core "ErrorControl" obj[237]=RegValue : system\currentcontrolset\services\core "abcdefg" obj[238]=RegValue : system\currentcontrolset\services\core "ImagePath" obj[365]=File : C:\WINDOWS\system32\smpi1\lb5.exe obj[366]=File : C:\WINDOWS\system32\T4\d5ll.exe WINANTISPYWARE »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[253]=File : C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe PURITYSCAN »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[314]=File : C:\System Volume Information\_restore{6750FAF3-2B26-4956-B316-41594F3DA01A}\RP195\A0053180.dll 180SOLUTIONS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[346]=File : C:\System Volume Information\_restore{CC585D01-9D5F-46B8-A082-B9789F833DB5}\RP69\A0006425.exe obj[349]=File : C:\System Volume Information\_restore{CC585D01-9D5F-46B8-A082-B9789F833DB5}\RP72\A0008443.exe obj[351]=File : C:\System Volume Information\_restore{CC585D01-9D5F-46B8-A082-B9789F833DB5}\RP90\A0011652.exe obj[352]=File : C:\temp\salm.exe obj[385]=File : c:\temp\salm.log ZANGO »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[353]=File : C:\temp\salmhook.dll VIRTUMONDE »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[360]=File : C:\WINDOWS\system32\cbxuvss.dll obj[363]=File : C:\WINDOWS\system32\ljjhfgh.dll obj[364]=File : C:\WINDOWS\system32\opnmkki.dll obj[367]=File : C:\WINDOWS\system32\vtutqon.dll OTHER »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[386]=File : C:\WINDOWS\prefetch\QWR67.EXE-034FBD8F.pf