[Guest1234]

I might have some kind of malware because my computer is going way slower then it should be. Can you help me clean it up? Thanks for the help.

Heres the Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:02:59 PM, on 9/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AIM\aim.exe
E:\Program Files 2\VolumeWatcher\SPUVolumeWatcher.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgbhp.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files 2\Spyware Prevention\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files 2\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files 2\Winamp\winampa.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files 2\Spyware Prevention\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = E:\Program Files 2\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: SpywareGuard.lnk = E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX25.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Creative Technology Ltd - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Edited by Guest1234, 22 September 2006 - 10:03 PM.

[Advertisements]

My scans aren't getting rid of some adware problems. Maybe that's making it slow.

[Guest1234]

My scans aren't getting rid of some adware problems. Maybe that's making it slow.

[Linkmaster]

Hi Guest1234, Welcome to GTG !!
Sorry for the delay in reviewing your post

You may wish to print out a copy of these instructions to follow while you complete this procedure

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
Open Spybot Search & Destroy
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

Since it has been so long, lets begin by downloading and running a few programs to help clean things up :

Download ATF (Atribune Temp File) Cleaner© by Atribune

Download and Install Ewido Anti-Malware© by Ewido Networks

Launch Ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update Ewido to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close Ewido Anti-Malware

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Run Ewido Anti-Malware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
Ewido will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close Ewido Anti-Malware

Reboot to Normal Mode

Please run ONE of these Online Virus Scans :

Run TrendMicro Housecall
Note: you must use Internet Explorer, other browsers will not work.
Under "Scan your PC", please click Scan now. It's free!
Select your location and click the Go button.
Click the red magnifying glass button.
Select Complete Scan.
Please be patient while Housecall downloads.
Please allow the ActiveX Control and when prompted click install
Put a check next to My Computer
Leave the following checked:

Scan for Spyware
Check security vulnerabilities

Click the Next button.
It will download the latest scan engine and pattern files.
When the definitions have been downloaded, the scan will start.
After it's done scanning it will take you to the summary page.
Click the Next button.
Click the drop-down to choose delete or remove on each bad guy found, if you receive a prompt click OK
Click the Next button to move onto the recovery (final) portion of the scan.
After everything has been removed, please click the Show button on everything.
Highlight all the of text and press CTRL + C to copy the text.
Open Notepad, hit Ctrl + V to Paste
Save it to the desktop

OR

Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan:
Select My Computer

Then the program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Reboot, run HijackThis and post a fresh HijackThis Log, the Ewido Log, and the Virus Scan Log here

Thank You !!

[Guest1234]

Hi, thanks for helping. I did what you said, but the TrendMicro housecall was different than your instructions. I still got it checked by that but I couldn't get a log. It removed one Adware thing. The Ewido got a lot .

Here's the logs:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:14:05 PM 9/26/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{0032CCFA-D80B-DABE-C53B-7E94CD4E0B9D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{004FBD22-BF74-D521-7B75-458EFE8A5F31} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0089E432-038D-2B85-3BE2-F538EA8CB9CA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{012E3C96-088E-958B-C19D-772FA69FFB2A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{031394CD-5109-CEAD-8C5C-5B7633BB36A6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{05B92FED-4D76-7AC5-786D-B39C086729FC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{05DA21C0-E89B-F673-539B-7408A5D9D6BF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{072E058D-3046-1956-68F1-D9BA95C696E9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{07B26288-C681-0065-E065-8201DD28A761} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{07BA91BD-B56C-8678-6570-354600897B57} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{08817655-0E34-8BCD-99FE-0596ECF04010} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{09419588-4A35-B532-FA96-5DD0086ED758} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0972EE38-5F19-0CDC-F8F2-205E91929353} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{09A44D23-36D4-1C12-AD2A-E655F1C400AD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0AA3F3DE-030A-E239-79EC-175ABD7AC2CC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0AB9FDD1-4D56-CE34-AA6B-0709058D11EB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0B4DACA1-181A-DBF9-29CD-2BF9C12D5462} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0B52B006-9868-AF22-B536-E21152FA46CB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0B661C7F-57D6-CE43-D570-49AAE6861F6F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0B945A0E-5A30-2CC6-C0B3-D102E3D0FBCD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0C00E564-86BF-A647-7411-77C3D02CBAB1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0CD9A677-3C46-B33A-7F3E-F73805E624B3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0E0ABE69-7345-8741-938E-5DCCA13C4284} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{11432651-A087-8D4D-B7F1-E0B7E38F5E5D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{11BEC0B9-C370-4820-FE14-3C42B32E0875} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1204A789-0139-F9B1-BF9E-4BECFF8288F8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1205AF30-96F3-2B53-A1BE-FA7441166D61} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1213B49D-9D45-A2C8-01DB-95DEB4CC99FA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{12F5B24E-24A1-5180-4D31-CA0B61D0650B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{13708A17-1C77-4CDA-3971-6228791D346B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{146F3AC5-1175-324D-8BA9-B14C18C5BA5A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{147C0B30-AF21-31CA-8710-729D602064B3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{152D4ABA-73D3-94F6-5EAE-BD7E896D35D6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{156B287A-E2A6-F730-904D-15B4B7E35F4C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{165E2A96-F6EF-8EAA-AA3B-BCF19E677FD4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{16766BD7-2CDF-F267-D2A8-E421A2313EAC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{169ABCBE-6762-3759-96F3-9CB54E0F3180} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{17073AF1-08D6-F8D3-0714-F9848611EE72} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{17286042-5FD2-617F-7359-43F199E3A259} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{176407B4-E211-4E16-BFFA-63C50AA24B06} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{178ED832-5662-AF21-DCB5-9071147C3AF6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{17FC9316-ACBE-AA3F-035A-3BB311460311} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{18893F03-FF55-B2B3-FE90-43672A959071} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{18952B26-A52F-6C8D-AAFE-EE33A6BD6C74} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{18A23373-407C-5064-29FC-1C2D804594FA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{18D3D8C4-FB37-E093-FEDC-3D0FEF307C2D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{18EE5E96-7B93-3486-A46C-77DFC8ADBECB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{19619DBD-B4B4-FDF7-102F-F84B25374D57} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{19A743FF-D985-0DCF-CFC2-5DE372D16830} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{19AA31BF-1750-E89C-CB6E-11F9A6477CE9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{19CF205A-66C8-D11C-227A-DF98204598D7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1A452126-E91F-4B4C-C729-710A63C4EE97} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1A53E9E2-4A89-992E-61C3-DDF211A2FDE8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1B7868F3-747F-F324-23F0-1A3EC3D2C170} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1B80C24F-1F44-7BB2-828A-F5E71543C521} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1BBF6BD6-3F17-3B90-A927-BD49D544F992} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1BD3E410-6822-BE2A-0A66-2AEDBD878A3B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1C452D86-49A8-E109-AE7F-91B9D83BA5AD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1C69A5C0-73A2-5593-0FBD-0E5DB07E3737} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1C985E57-9285-2572-376B-C6B0706F7BB7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1DF7A18C-48C0-6851-A397-35138992868E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1E9407FD-60E2-5EBA-6033-E44FFCC70321} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1EDB35E5-7E3C-A5B6-5AA1-BEE2C63F27CF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1EF26F75-C154-124E-0E58-94033ED07124} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1FA74F44-BE14-6F79-094E-4760D87A1B13} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2029E211-7706-54F7-9F1E-315F1A6F9844} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{21038A27-B7B7-5C1A-532D-FF4CF172CF7D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{21289821-2649-FC5C-A0CD-7655D127CAC4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{229D2295-EABB-729C-CF01-0FEA1A13D1A2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{22FDEABC-8EB3-A5F1-D02C-CEB942AC6387} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{23209F72-DA97-2C86-963E-2B57CC229A71} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{241F754F-D197-D0E0-52C1-75E57DCB764D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{24821956-1F7B-A3ED-FE48-09CB61038962} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{24B06A97-66EE-D259-C0CE-149CEADEC397} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{24EF33EA-EE7F-BE3D-A23F-D28794BFB154} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{24FC992E-00D0-BEE6-2CAE-52D64E126483} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2794F90A-2AC7-F33D-1A20-AA1991DFBC7D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{27A8CAC2-029A-02AD-86D0-9B28F264AB06} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{27DA8E89-35E8-CB93-C196-AEA15F3DBE14} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2818B797-4E38-0CF8-5455-D4914850AA30} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2850CFC5-2BAD-884B-1956-B7BC0BF9D853} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2938F76F-DE0A-0598-C19A-601514AA2F5D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{29D85F04-92C0-EE38-6B32-B7DFD60147B3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{29E589CE-9053-0C13-3C8D-FC94BD4CAFF5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{29EF042A-706D-0056-6884-957B324286BA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2AE9109E-80F1-35DD-394F-6BD77DC00A7F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2B1E8955-A81B-6BFC-BC93-68F46EB9E806} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2B33C71B-605A-1734-B317-E595374F9DA9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2CC0ABDB-DFA2-1611-30E4-69D3C2CBA817} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2CE711D5-3677-6478-9DBE-8A8DEE743E69} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2CF3BB33-A8D7-079C-312F-ABCFF55DD77D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2D201E84-42AB-E4FA-7FB1-294F80D83F1B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2DB33C9A-486B-0088-7058-260CEBB2901E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2DD5FF42-7AB9-C97E-BB2E-3985388BB33C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2FC63E7D-B1AD-A15E-08BB-3F44B89C3C38} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2FC683F4-4B40-99FD-E7FB-2D55A95BCDFF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2FEAB903-6EB6-13A2-FC5F-0B60204CAD29} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{306F8479-A75A-9D8E-3C63-AD58B0678A6A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{30C15F1B-B902-8769-7E97-07B632351674} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{32647596-213A-8327-EDB5-24A45C5C5E36} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{32E04D30-C91D-E208-A258-BBC98B368F90} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{32F73678-6041-1897-4AED-8486EC24EFEE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{33A21DD2-CC2B-7678-1FAB-321F6BFA0DB3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{33BB335A-E91D-2ED8-9721-81D64B089AEF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{348385B4-1D00-F877-6E9F-5DC720AC5FF6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{35BB6475-7B7C-B04E-A3C4-99FEB74D4761} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{375C2FF8-B539-4AA1-E587-85F11ECE380F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{37CF5456-717A-C95A-6D5F-7653A2E09649} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{38B119D9-6727-83FD-83D7-D07E3C5905C4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{38D49FCA-F3B9-5C6A-6224-38F535ADED8E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3989905C-EB29-D007-7657-4D626E83A0BF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3992544B-E35C-E7B2-CC5E-542598989C13} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{39ADD310-9B90-5CF2-F764-BCF455179292} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{39B55E7F-513F-C3C3-44BF-B0378C8CBFEF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{39C21146-72F9-C00B-D47C-F100644447AE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3B821BB1-33C7-877C-CF3F-E5E87BDB1C5A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3BB36818-4EB7-DA8C-0438-956626FAA513} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3BED5062-FCF4-2057-681B-9B1ECE66C657} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3C109D3C-5E7C-A8E2-4F7B-26233B51E560} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3C590378-0A5C-B10E-AF30-95DF78FBEABD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3C5C4850-36D4-6572-6140-C96039A1ECF5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3C7652FC-49D5-AB91-A5E9-C22E6515486A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3C8F8ED0-7873-97D9-7C38-50E4064ACB99} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3CA144E3-3EDF-5E8A-4A55-C2E5F481CD1E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3CE43490-72F9-BCC5-6F44-B0601F287707} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3D1EA173-C393-E882-A139-CDA49D5741BE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3D314575-05BB-1678-B27E-04B2A966F5F1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3F56B013-2968-2BEF-D3F5-EE7CB8690AC7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3F6F50AE-B1D2-3A2F-398C-02B7B7A27F10} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3FEC49FA-6456-C082-F75C-0AEC74C8C9AE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4063C173-47AF-04ED-5619-5C77FD3B5395} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{408A16CB-A2D4-2CD2-BAC6-1B1289A8DFA4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{41175E57-7DCB-F49C-5BB1-815201E7DA4A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{41A0091F-BE0B-897D-16F8-5BD81668DD3F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{41A205E9-49D4-49CD-B33A-A367B57372E1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{41D223E9-DE22-6315-824D-623E72B3C0C0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{425C9AAD-B046-1D60-B788-F86EA97DFCED} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{427AC2D9-095B-B8F2-E344-79D48DC72DAA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{42C144CB-27B3-27F0-C116-E454EB628818} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{435DCDD9-3B9E-86B0-4766-2C88AE5BABD3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4410D8C5-0277-7086-4641-DD5178D4D6ED} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{44982FD6-EAEB-F26E-624F-F2620042D9B8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{44E0D735-44D9-6488-8EBC-B58B04F744E3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{45055C44-55E6-AD22-DB63-D4A8D31544AB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{452F1EE7-C91B-B623-8E14-7CE36CAC51A7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{45BB100E-E1E8-C990-C393-ABFCC68EB7AA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{46016C67-D3FF-4014-621E-C121E994E090} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{46D78444-C8EC-410E-1C8B-CF6352D890B8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{47DF8044-1CA2-DA8C-1BA7-43B6E86C994F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{482ED513-8F9F-5049-FF7A-8FB035464E5F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{48318C66-81D4-290B-BD6B-DA3DD281424B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{48535929-2907-F7C1-1E4F-AF3F6D02A932} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{486EE457-CA2F-6F9C-14B8-380E08A6E2E2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4A2CAEE7-479D-525D-B6F5-E9576A65F285} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4C586B1B-6256-BDCF-44D6-F0436A542593} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4D8E7FD0-7790-B916-09D7-0575F565150C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4E3683EC-EDA1-0338-4DF4-D571699FD262} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4ECE1E4E-A74E-6F51-9254-9D6F80339B7C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4F96C427-A2E2-F522-0ABA-0CDBB14A7153} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5085B226-C8E8-0E38-868E-EFEA18A27FEE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{50A0058B-9B7D-653D-AB07-A0A98CADC978} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{514CDFE1-5B4B-0907-2D78-0540364AC64B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{51F3E69F-1686-3512-49E8-49B547E4E169} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{521B84C2-EFEB-DC8C-B02A-9089847972E1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{525D2913-9A97-6CBA-850A-A16BE3744A14} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{52CB6BBC-C86C-BFFD-F66A-B2A88E0B1D03} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{535C0868-F78C-D87B-99BF-4E0AEB7AC6A6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5364ABD3-3300-341C-1D26-05C46F9627DD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{538D316B-A3A2-1200-EE47-1BEF8BCDD755} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{54255AC2-2B7F-9119-713D-1BFBB01E8BCD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{54EC2000-824C-7ABC-DA9D-E7D8479CD36D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{55AF9F27-5FBB-5D76-1452-172B6166BFC6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{55E7FCAD-77C1-35FF-8206-D7405C6CDFAB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{560E5B6E-818D-D734-6E90-6B02A8D4A3BA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5624FB2A-5E7E-C67B-2C18-0AAF52EEFBB0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{562F830B-6C97-4F8B-7E3B-24F75C144608} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{56F232CB-1514-101F-ABB5-2926D33A1BD3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{570ABE20-9DA5-936D-5769-79E0AF19A826} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{57AA538B-F827-6D87-4C8B-7BABB6F6EAD1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{57C0C13E-E95C-411D-BCD9-A537E6B2AA24} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{57CC204F-905A-2B4D-BD5E-30AC516741C9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5880036A-0118-7632-5BAB-52818C7FC91F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{58C78D32-033C-933B-522A-8CA01511980B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{59402149-6193-21F7-89AA-F3257E59368E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5959ADFC-13B9-0878-F99E-A0FDEE627DB4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5AC69FF5-1DF8-FCEA-F8E7-A23084881BB1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5AF27B88-58BE-EDE2-DEDC-AC150AF3E5C5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5B64A5E4-EB26-4B4D-C13E-8F78BB038F3E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5BAA0FF9-E39A-30D5-BF80-4877B55935E7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5BCDB351-F6CE-3209-14B3-9286BD7B588C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5C0871EB-F293-70B9-E681-CC63B77DFBFA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5C19DA3A-627A-8F16-BA65-30D8566CB9E4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5C397BB2-36D2-F787-9AA2-DB56173763F4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5C72B122-9904-E5BD-4093-348A5AD1BEF5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5DCD2B4E-94CD-BAC9-A2ED-1738BBFD853B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5DF68014-8E92-E1A6-CEC5-71F4FC741A18} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E5CDAA5-6515-89C3-CE2C-CB7B0F711BBF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E928233-1DF4-9645-2126-AF9BED9815F0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E940647-A153-0D81-849D-912EFEE6B0FD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E98A737-F955-2341-8318-F6BA73211958} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5F54EB56-ABB3-1965-610E-A3DF515F7AB9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{61744A12-E125-F69C-D1D5-BEFC7277ADF6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{621C772A-BD1C-569E-4C0E-31803458AF26} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{624D9FC7-9816-CDF5-5B99-FA75E8984264} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6258C774-629D-699E-B02B-D1CA18D86A54} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{627786BB-6448-3092-7B9F-EC2C95F20347} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6456D760-0959-2338-4E2B-BCEADA470C19} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{64ACBCED-4C70-32ED-5E7C-6D6EFEDA085F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{64B4EF1A-E644-FC93-33AB-4DAD4D7BB624} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6569D3E8-52B2-7FFA-EA25-C09207CE58BD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{65E1E63D-52CA-BFA1-A0DD-1E839592A8A2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{65FE79E2-49CB-CDA5-40C9-35E3986828A6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{67878067-8C35-4F5D-4D85-1A13C5E41DE1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{67AF7623-517A-FCC8-0B37-5341BB0100C2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{68288E7E-9122-8D27-DBCB-DD510FF9D857} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{68325EC5-8249-986D-EB26-06240713F6EC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6858C515-CA3A-CA02-9CFD-3BCF1EDE0B9F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{69FEAC45-7BA9-7690-3417-89B30EFA0A97} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6A22CD02-E407-6F80-2783-266C5C178894} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6A5175A3-61E8-04E2-F0D7-734877AC5D1E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6A7562FA-C6D9-7DB2-344A-9941C7063F33} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6B014825-F801-F6B3-8BFB-8D1EDD53C72E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6BB2CE94-CBE3-276E-9FBD-683911ECC178} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6BCADB11-72E0-DAFF-E126-F478B34309CA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6BCBA5F1-60FE-2C08-77CB-F80DB152B4EF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6BD51469-DF9E-3C14-DE92-02BED9A8008C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6BE5F602-57FC-035D-69BB-0127DBDAD5A1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6BFC94D6-8C65-7399-A676-E9E12E0A6908} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6CB61E92-AED0-7ACF-1AE7-7AF23F33ADD3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6CEBC165-91F6-1D4D-F490-A0F961E0C302} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6D572FF5-36CB-A644-5C74-9CB819A647A1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6F455C0C-D11A-ABFC-AD04-0AE9398535D9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6F602FD6-D87A-FBB2-6E16-961DD4CD1331} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6F99DB7E-CFDF-18F9-0B84-6D52A771173C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6FAA50E8-344B-6263-A3E9-64D6A3C13199} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6FBFC767-BA2D-2F70-8A5D-A98994EFD552} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{708A3F77-2B37-C3B7-492A-8F7BB57030BB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{70920603-1F34-44C9-57D5-20463F49C237} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{70DCE89C-D9A9-938E-3801-E2EE2A8B9C09} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{714795AE-B851-C38C-644A-A0910EFC29CE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7205A0FB-03A3-29B0-F193-EEC35EB9D77B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{72B2792C-D29E-16A4-EE1D-D7DC8988D531} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{739966E1-825B-10D9-49B8-69B4A3A6EFC4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{75895338-95C6-E212-8F56-E4EABE6726D1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{76319600-5394-492A-8D46-BB7F1C729D83} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{764A59F9-99D6-2569-75F4-67BB902C09E0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{767C3BCA-1931-C2D3-5152-1EAC589AADF7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{772A6985-125B-1505-70C1-C5D01EB853C7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{77E38A16-B67C-D604-EA0A-054D170292B0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{78AFF2F8-E6CE-9B55-9F05-5E6558B36A94} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{78EF18EC-0436-A0CE-370A-5BB4D74C64A9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{79057FF7-7928-2151-3174-30EEE120535F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7912F734-6734-3BCA-181D-264E16D1AF22} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{794F8545-B381-2043-E8A4-7F994ED794A5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{797F33D0-1204-41CA-1A3E-630AC5EC5FB7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7A92AD2B-4A2B-E681-180C-852F9B4A3BB4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7AEB58A7-E935-D9FC-9121-97B8461AF541} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7B3F3258-BBFA-E7EF-708B-49D3F85061A2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7B91F2F8-A5DA-B07D-3C3A-9622872C3AEB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7C121035-5121-FC97-9150-A3A543AADFC9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7CF63507-F787-DEDD-FF68-BDC0D8517426} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7CFE70E5-7433-AEA9-686E-EF0FC41B785D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7D8E9033-94CD-739D-8A5B-376572E16A8C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7D97C460-3EA1-3C33-6F8A-16A4C1720941} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7DB2627F-041B-A150-EB3E-BA5F55EAF02D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7DCC3AC2-6B28-C176-22B6-A69A9AAB539B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7DCC452B-550C-C401-EC19-C89A69C086CC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7E41E0F3-FA9A-2D8F-5F4A-6520AEDE0C0A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7E93FEB6-B4CA-3BCA-3BA2-BA8F2658BA6A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7F0FD938-6921-7913-8F78-2E42633C1214} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7F9872AA-D844-3BA5-05C2-D4D77CABA699} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8041C94B-7E57-BA9B-E965-10CE89E63B6D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{80CE4264-DE48-7277-BAA4-D6E07C2653A2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{80CF49B5-91F6-D2DB-57D7-7086D2A8C9AB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{80DAA425-DA60-3DA0-927D-F4CE735B581F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{824CB85E-8849-F5FF-50D8-97E69A69E394} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8260213B-77BF-1455-EDD7-A66BEE63BB4C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{827E1FE8-9C39-95A4-CA3E-FEC6A5DF8173} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8291F30C-F81A-B2CF-C934-5E5DA6E15E63} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{830AA2F8-C8EB-24B1-C5F4-64095BDA680E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8315FF5F-B248-BB03-6EE3-32D791E8766A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{844A3959-72B4-D52C-3764-396BA8F199A5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8455ADD6-2004-47C2-9816-6F3B875B7CE3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{84908E0A-1A6E-B249-3546-1EF2878BD854} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{84A38D33-C7E1-EFF3-B883-A512309372B1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{84AC5882-1D0F-C6A6-58C9-92DB1C8DC676} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8524EB63-E94C-0E8C-81F9-0567631683AE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{867653BB-CBDA-5ADF-86A5-ECF1FB3432E2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{869A35BA-35D8-B014-00C5-D0FA6D89F1C6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{86A6E2E0-A3BB-429F-4259-DEDA727BB219} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{871DBCA3-8C9A-7FDF-FE00-BEF05B30FF6F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{87680A9A-4595-032D-4F84-B593061B9FC5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{87993483-A3AD-794F-F265-DD005BD9116B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8853708A-2E5C-80FC-1A5C-B410077C3BE1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8A173A54-5646-15FF-EA3F-C5FDF8E65961} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8BCD1ED2-B29A-E094-AA14-90786D920B81} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8BD9CE8B-36A6-B790-9E5E-F1CA25A18BA7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8BFBA35A-44BF-8A46-263F-78430DC93768} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8C364474-6BE5-AAAB-E18F-0C20AF481EF2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8C7413DD-6325-E43D-BD47-63DEDEF0FC7C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8D0585C2-7837-436E-A1A5-25C507937285} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8D58F80B-CC0A-4849-6C5F-673680DCC0AC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8DD0E093-F203-A226-34B6-803644787EFF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8F69ADF9-A5DE-30DA-0B84-99655E5A16A4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8F826F9C-2903-49CA-BE45-21A0E7E113A0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9005B84A-4256-4B35-2E27-4F8D063C344C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{90570AD0-8B79-19AD-D1A4-30FEF02A6830} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{90706F45-D241-085D-C3F4-2CA0366EF00C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{908769E2-4A81-1229-AF77-095E926EDFCB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{92CD26ED-B9CE-CB49-0FD3-BFA51393E4EB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{92E41AF0-C151-25C6-66EF-4B3CE41A3E92} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9341B059-25B9-C093-AEB4-FF0CB478B147} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{935DFB05-7DED-A169-BFC9-B6F91461D1D1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{938EA715-0A71-38BD-176F-1ADA2F961E86} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{94124D3F-316B-12E0-B4A0-90339AA27D84} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{94EC2FF5-F1A1-5745-B909-81C74FA710D8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9536DA89-F740-EDD3-5F02-92FF81C9603B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9567AEAF-59B7-5E8B-8F6C-5DD2344A72B3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{95B60120-83F3-6EE8-F150-763CFEC0137D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{95BAC7DA-0DDB-6F51-2538-D3418AE96254} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{95C6CC09-197A-2E0B-08A2-31A543B88320} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{96540400-C364-871F-2E14-83ED06818F50} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{97ABFC94-0DCD-6F23-07CA-0397C1202816} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{97FBBC62-369F-C41A-FA15-60FD4A4E9064} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{98211CC6-07C7-122B-026F-9791038EBAB1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9875A24E-C960-788B-3993-510C18C560E6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{988C6476-5EA2-E122-57CE-2E4F86D27B58} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{98CC5E5F-7877-CB9D-3D33-989DA81B39DA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9A7207C1-F9CF-2AD4-96C4-3A2EDCF39262} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9A8EDCEE-DCA4-FA4B-7A7E-7E08AFDFA982} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9AA00624-7341-B480-F29F-F48388C6D50A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9B4C92B4-9D54-68D0-1895-BE29FEDCB788} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9E08A150-C462-B2E6-159E-827B27D06558} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9E1A8018-A9B5-1BCD-91E7-FC63C21F3EAF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9FA37D52-3768-0C3C-21F8-0E04D88140FB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9FA37FAE-BA76-0AE7-C44F-7E8C68FF3F53} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9FA52122-2375-8F5E-4E44-0720C3BF9634} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9FC50FD0-BCC2-8F19-6F9E-041A3EB87A02} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A1366D01-84C0-2558-F68D-17874321A0CE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A18BCBCE-8140-1854-2B7C-AE957E632346} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A25AC3EE-0FF3-BCF3-C5B5-FB29B4033A43} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A3F9FD31-3DFB-13C1-8E7D-BCEAF75A15DA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A4571542-A194-3710-8763-F3C447885424} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A52C7D9D-ECE6-E7DB-4A98-9F196536545A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A65F11A0-3D1B-37FD-F86D-9AB8607151F1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A6702ADD-F9FC-F792-1265-9B33BE0904C6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A68DE0F0-8DD3-E275-4478-3B9437408BED} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A69601D1-A4A9-AE71-9651-BB5AE6624B4B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A6D17E2F-D546-7B87-5DBC-A3869E2C178C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A758BCB9-66D2-5737-DE37-3927CE58D302} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A772E202-44D2-732F-1F20-77D6C5F3D119} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A78A56B1-27AA-D3DB-D9B4-29085F3E88F4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A78AF0E5-CDFB-09FE-B586-1706636C89DD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A817116B-D3FE-F854-8ECE-3645426FCE90} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8A6D469-369F-3458-9CB6-13F81431144C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8F318BB-7628-8BFA-81F7-FF4C24E0AA4A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A9286A6C-DA6E-C7A6-3C97-95677D9DA2FE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A97AC2A2-0659-AC43-72DB-D9D913C43C45} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AA2FD1E9-7BAB-3225-E2A7-8FCEAC3D101F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AB85684A-4508-905F-F020-27C07E64CC14} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ABCB8233-D594-C22F-4E0B-21DD2822D818} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AC124343-1176-6B9A-8BCE-FD87B84CF219} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AC143F1D-AC5E-2BFB-3800-4506564697DB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AC152C0C-381B-A230-6B29-1A23741F4A9A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ADFA3880-261B-1BF8-91EB-1DEF4A8C4300} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AEC827C2-7DCA-3620-5BA4-B8F22CE8A449} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AF1BEE74-B1D1-2FF6-8E8A-9A95AE6518FF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B0344A45-2782-64C9-5C43-8BD794FBF041} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B0FD6320-27E9-F236-D46C-1DBD5BB05BC1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B1FF3F19-7676-CE5B-FC1F-3CE368BA9C2F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B2CEAC62-786C-911B-9FC6-E8983E655D36} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B3770AC3-0147-2627-0720-789FE7DA486D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B4EFEC2D-7EFF-8608-94F7-063C1233592C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B4F8C4E0-F516-5DEF-B102-AAF1ADBCBB04} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B6D22878-12C8-0086-B3C3-798B2B51E64A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B6F3D006-AA23-425A-7BB3-6A0B8479653D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B761EF1B-A8E6-61C8-4DAC-F05E97FF5FAE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B79CC35D-10FE-026C-855E-6F9CB7D9C3B9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B824C0E3-2D3F-4C0D-C74F-6A9E9873BE3B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B85E71E6-3650-8D2B-A478-61D21C5EB838} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B8F28A6B-4308-8C8B-4DAA-1D2763F029F9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B9F01E63-168E-1A30-0030-EC2C905AC2D6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BA38744A-007F-6249-B9A7-FC69C00DB126} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BA402C19-ABBE-D766-2E8F-97AC50E58957} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BA653A13-1A50-78A8-6A2F-1EC52F9A94BF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BABD9DA6-1A9E-2FD5-636D-C0DB378E00C3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BB056793-8C64-41B8-90A0-3EF629FCDF98} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BC7A8C50-E70B-A500-10AC-1206F6D3E64A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BCF264A5-8739-6BEF-6A73-FF8C5C441E5B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BD6D3515-13C8-89DB-38D3-4630B615B324} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BEDB0663-7AC0-B7C0-BE42-118165167350} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BF82252D-ABE1-E8BB-F0BF-178FB378D258} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0C12E18-7A68-3ADC-95BD-23E5B697B5C7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0E3BA89-189A-FE16-58C8-370A00C0929E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0E590F8-92A7-8A8F-B621-507AEDA3404F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C168B909-17E4-699C-5A21-7AF4A2E20AF7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C16A3BC1-3735-D21D-1A52-FEFF22B1C68D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C2D8452E-2FEC-F517-A5AF-A552035DE43F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C4321F79-4119-FC9A-FB04-062C3F916C8D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C4322B27-0B19-D263-F955-4B1DF8B80E2E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C43477DF-1979-8DFC-4F3C-C3BE66A775D8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C517872A-6D77-8E92-F227-B5714851DA13} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C590343E-22C4-112E-50B4-EE7FEE41BC70} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C59125DF-029B-6A6C-6A20-25059899CD06} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C738A371-0430-6A14-07D8-FF8D00747F0E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C78E0E7C-ADA6-7B28-4484-0313AF2594BF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C88E144F-4510-0AF3-96D3-FA4B4D451F0F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C8BD4A98-45A5-E2AA-83C5-0A9AB8F19874} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C8BEE708-6D04-1677-F2EE-681F5D9D77B5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C8C966DD-1537-9AB7-2EF4-DFEF1A1C8D24} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C8D60032-EF00-BFD1-52A7-394FC92B52A9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C8DD038C-9E0C-17BC-7FA2-1F0B1D2B86C7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C8EE100B-191A-611C-5766-34F50DE08954} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C97CB847-28A7-9898-6A69-C9307ABFC8EC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C98810F6-0CE7-2374-CDBB-C91E9FE2F988} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).

Edited by Guest1234, 26 September 2006 - 10:11 PM.

[Guest1234]

HKLM\SOFTWARE\Classes\CLSID\{CA01259F-E876-D3EB-B61C-C0B5564A7336} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CA0DCDD7-8D31-86B3-7E16-DCA55E4E0869} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CADBC7A8-500E-0B4A-0091-ACA1206F6D3E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CAE5D01E-D1D5-0A94-36DA-A1764B33E959} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CAF47898-C983-EDC8-AA16-D3DD2ABB41F8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CB83AF3A-9251-64AE-8C9A-2124E181DEA7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CC9B510C-5678-0907-65D8-DA76547B7AB8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CD026C37-3A3C-08C8-544D-E7060E463F1C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CE374125-CEC1-2CAC-4A98-2535AC3802DB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CE7F324C-E742-BF9B-37E5-A16FD8856B2C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CE8C95DF-A478-EE5C-E911-BE35E557C173} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CEDDF6C5-0CB5-7396-9211-5800350CE4D1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CF30C520-DB2C-D18C-D86C-3486CBAC7398} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CFDEA8B1-FC82-43F0-1F9C-98BC7CB6EFF1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D010E2E2-A168-789D-9E57-563AC50A66D0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D01EB853-7FC4-C7B4-95AA-53BAD27A97DA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D1C96C4F-2ED6-38A6-D851-7941DBEFAD9B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D1E85150-6167-FA43-B812-7C2D5FF83DF9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D259260E-E911-1A3A-BEE3-5E850E986740} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D25A25B8-1705-38FC-7AF6-4A940286F8EF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D2ABAA1C-3D1A-AA15-B41E-6D61C89C2341} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D3086B2A-B4F9-BDB1-7B86-AF5F1A488219} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D30D862C-7872-1A50-5712-DA6ECDCEC3A0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D321957B-B920-8DE0-E8AF-647898764D68} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D321DC4E-C5C1-733A-6B36-D1F22AA3BC87} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D33E8457-1C8B-99A8-FC93-DCDA4844B2A5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D3460D60-001E-2E3C-0500-CD1B84A65091} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D36C88C7-7E35-0307-C208-883012F4227C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D484824D-0E29-349E-95D0-42852CE4070B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D4B37658-9FC7-CBCE-2648-EADA0B911772} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D4EFC592-3458-DFCE-9A65-8A24EF11D290} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D4FD3E7F-134B-3265-8C6A-C70ABD1A2E09} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D55238B7-9654-4EFF-6EB8-2598D7B86A2E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D5656802-6E90-5AEE-E0B5-D63166B32D47} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D6F7942A-2903-FD22-A0E5-7716B284A428} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D77DA2F7-52E1-CEEC-769E-072FF9CFC654} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D78A2FEB-561A-C5BA-83C3-DB7E4F6BEFF5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D7AEEC4F-EF23-DBBF-0F03-E70594344763} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D7DD6D7A-7AF7-EFFC-1A00-2566B1C647A1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D861F394-A0E1-C91F-C741-AADE2CC2B5AE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D861F83C-B70D-C684-FDEE-89CE5EBD826D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D8DBBFBF-DDA6-EEA0-A520-1DF97AE8D26D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DA7130DD-904B-697B-1BCB-66016D8302E2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DA961EB4-D503-2B8A-69AB-C4905735F48D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DBFC5A92-4FA4-C151-1D59-8CA0FBBFD49C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DC73983B-D030-AD00-8DD5-12322CEA9002} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DC7F0147-FE14-8C11-B567-602ED4468C81} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DEC2F6B0-D8E7-5560-53B8-FCC3BB592A8C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DEFF3B98-3686-8151-5CDB-C593651F3170} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DF7B4507-13C3-06E8-197B-D732093994CA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E0A5C458-AC2E-B916-BD3F-071509CC72B6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E0DD7A95-1DF5-210A-C8D1-D9AB86BD9109} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E0F32011-CDBE-1676-091F-CB58DD004071} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E10CFF79-7387-A961-D8F3-A733C71183E3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E207CDC7-CD26-369D-78B0-1A236861EDFA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E29CD8F5-8770-88FC-7869-830FD4AAE7E4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E2D18933-6CA1-461A-2D30-CC986B408A2C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E2D1983C-BABF-2AAE-DED6-6001C5E50B35} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E33988EA-105D-44A7-9FD0-113D658D407D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E3AF4D60-60CE-62C1-63C1-3F2375960FE9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E3C75ADD-28CA-1552-C53A-CB5117FD483C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E464D507-70C1-E654-A743-720591F1BB59} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E4D353C5-F038-4827-9CDA-ABDCF49E5AB5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E58BBC7E-7207-D1BE-CE98-6CC37B27883D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E5C5D2DC-AB60-E0AF-75C8-AB6EE8EEBA83} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E616513A-40E1-2657-5238-EAF908483D9A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E631A3AF-2375-8D4C-66B1-AAB77C548825} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E6A766C9-F1C8-9CBC-A75C-5935FBF06839} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E6B010B5-D034-830A-78ED-43E932E280CC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E738A396-AC71-CAF0-910D-C675897B4EF5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E7CE865F-83BD-8B29-E37E-2FF507C083A3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E8BCE66C-5426-02CC-C3A0-5F1FB007E5A0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E8F8DF77-A372-CB3E-F005-44B07E1086DE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ECD8EB7B-F315-F6C9-F00A-D133E9653BB1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ED29D508-9D6C-8703-229F-51213F86001C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ED83DE83-1A0E-2A73-D318-B4BD3272FB28} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ED8E9721-81D6-B089-EF0F-D4AD2679EFBC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ED9A9904-1A77-7088-1F23-D2794EDA2131} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EDA6D516-33B7-258C-7426-9D5699E6B02B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EE71F47C-9AD5-9285-3F03-BD4E23A370B8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF0124CB-C96F-7679-6100-05A3C16A52D7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF497844-7B90-4822-A898-12306EB83DD2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF575F1A-1A18-7B87-F4D8-13A1763ADD3C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EFDE9EDA-3EDD-9E0C-72B4-AC2CB8167A0E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EFEBB260-C21E-967D-CA15-0C1770C3C5C5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EFF77B34-BB10-6259-D56C-2FE1758999B5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F0114569-D248-1732-72D6-BFA6C013C771} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F101F265-732D-2CAC-ECDB-8A41D24BFF99} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F1433B90-7710-35CD-1D3D-FD488534F671} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F1B032EC-1B77-AAF4-3E7D-21EB543FF7AA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F21F1985-844B-0CC0-F3B5-4B4CC367AEE8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F3AE5B8F-570D-9630-AF9D-BB9359426ED8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F508238F-F52B-9FF9-41BC-BCE5F30907CF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F5522D84-3591-9A40-3E89-DA8F72AA16D4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F6F5CE66-F97B-B02C-DFA5-E0E2B60FA523} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F6F9B3DC-DB00-CD9A-BD51-438F4C199E45} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F735A94E-3DD7-5936-2156-A36605F56680} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F80FD839-B3F2-35E6-66BD-F75654382483} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F831BBBD-4EFD-0AD2-5B57-0067ABE2F1DD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F86F75A9-3FEC-ADEE-C7E1-DCBB57E594CE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F99BF517-B3EA-27D7-0958-38A5124F9D87} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F9DE2FD1-D201-F180-75AC-500B7D9A8F17} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FAA3AE33-E236-9AAE-0086-426033A4531F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FBE082F8-A0D5-70CD-EB90-9C45156A5E8A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FBE44A98-DCBF-9DB3-6DD2-44E146EF1C57} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FC6A8D30-4572-4816-69E7-CC739308150D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FC97DD7A-EAF3-5C15-ED04-6CBD8788DF3C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FD1BCAC3-5623-81C6-D10D-ABBD18FA773A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FD5775E7-3E8B-3E55-F4E1-4EFA15397DBF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FD7786C4-36BE-9F97-70B6-B4EF1D3FBA8B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FDD2AC6A-B7E4-6D04-F3CF-9A9B7D9CE11A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FEF28766-EC07-9CC6-3DD6-241C5C156710} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FF82035F-0086-8DD2-C7FF-4F5E2A38F671} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FF9C2285-7435-9341-80FE-A833F235D80D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F03A0AB-9AB9-6F22-30DC-7DA69D53B123} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FF8D353-F31C-0E63-FF78-664C927DC714} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BE22BEC-1D4B-238E-0CAA-4D49A69DBEE8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{239909EF-A930-14A8-86CB-3552F80A8F71} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E366BB1-818C-CAF9-EC1B-9788483C2FA9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{347A8C4F-8C3A-E92D-3967-48F205E8D3DB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44CC1828-0E3D-0A95-ABD6-EC5D9B87433C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47AC66D0-CE97-D311-E35F-40428823161F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{49131BF8-B481-A120-9036-48F6347DFAFF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4AAFEDF6-1929-789B-05C6-5C1430ADEC3B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C00B7E8-2065-7585-4C01-7AA18EC53C39} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4FF8D29D-337E-BE3A-12D2-033C958B74E1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51800969-48F2-7F01-9784-D8DD201261BE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{543E5DEC-9A89-6C8C-67AC-D0B02ABB10D6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5952B661-A49F-07C2-2FD6-A5C20926F8DF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{66D794D9-8036-58BC-9B54-5EC422966E07} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6878846C-CCE5-9006-4861-46318B08A482} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70B6D242-A76A-A3E8-4E2F-D03FF4541BA9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{738D8853-5874-6844-0AF4-5E619600256A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75DF767A-8F98-D240-FB11-406F16816D6D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{764A59F9-99D6-2569-75F4-67BB902C09E0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DAD4A69-2FA3-0B3E-7881-81BE388EA0FC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F0FD938-6921-7913-8F78-2E42633C1214} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8229FBFA-FF3F-EFEA-D599-8A5F56907C16} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F9D9D9C-9CCD-9854-E15E-1EE63F21E720} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9536DA89-F740-EDD3-5F02-92FF81C9603B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4881825-4CC9-B4CE-6290-C430E5E901F8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEC47B7A-3BD5-1DD5-83D5-3166C98819AD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF1BEE74-B1D1-2FF6-8E8A-9A95AE6518FF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C199CC42-9314-C988-794C-4F514B66252B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C97CB847-28A7-9898-6A69-C9307ABFC8EC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA52CBB6-083A-7D75-F960-5392AB9CC8EA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDF81721-038E-C0DA-5870-A3CF1EBA96B9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E6B010B5-D034-830A-78ED-43E932E280CC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3C0B6F7-1973-30BA-058F-4A98172DB30C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA3AE33-E236-9AAE-0086-426033A4531F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Incredifind -> Adware.KeenValue : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20051005-165501-172.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\WINDOWS\_DEFAULT.PIF:ggmnki -> Adware.OneMoreSearch : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\70tovmto.ini -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\Rhododendron.bmp:lkuygt -> Adware.SearchPage : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\DNS -> Adware.Shorty : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{827DC836-DD9F-4A68-A602-5812EB50A834} -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe -> Backdoor.Virkel.A : Cleaned with backup (quarantined).
C:\WINDOWS\WINNT.BMP:lhbghb -> Downloader.Agent.al : Cleaned with backup (quarantined).
C:\WINDOWS\SchedLgU.Txt:ibtzh -> Downloader.Agent.ap : Cleaned with backup (quarantined).
C:\WINDOWS\SchedLgU.Txt:onvec -> Downloader.Agent.ap : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM.INI:gcqkl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\WINNT32.LOG:yxdjt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_DEFAULT.PIF:ozjme -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB867282.log:zjrzjz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\KB873339.log:oybucs -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\Q811493.log:czrsg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\Q828026.log:moeiud -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\_DEFAULT.PIF:akplm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\crbm32.dll:rhinc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\ntba.exe:atjgwk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\orun32.ini:amuurm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log:wiizns -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\P16x.ini:odlok -> Downloader.Agent.db : Cleaned with backup (quarantined).
C:\WINDOWS\KB824146.log:qecbv -> Downloader.Agent.gs : Cleaned with backup (quarantined).
C:\WINDOWS\_DEFAULT.PIF:xqtvv -> Downloader.Agent.kd : Cleaned with backup (quarantined).
C:\WINDOWS\EXPLORER.SCF:izsvb -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\WINDOWS\KB822603.log:adiso -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\WINDOWS\KB839645.log:wqmwv -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\WINDOWS\KB840374.log:ldrks -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\WINDOWS\Q331060.log:dwgfh -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\WINDOWS\WINHELP.EXE:zdweu -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\WINDOWS\WindowsUpdate.log:kwvij -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\WINDOWS\orun32.isu:emdad -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\WINDOWS\iccsigs.dat:ajesm -> Downloader.WinShow.u : Cleaned with backup (quarantined).
C:\WINDOWS\Q328310.log:gecon -> Dropper.Small.tn : Cleaned with backup (quarantined).
C:\WINDOWS\Q329170.log:nvnho -> Dropper.Small.tn : Cleaned with backup (quarantined).
C:\WINDOWS\Q811789.log:rbvhi -> Dropper.Small.tn : Cleaned with backup (quarantined).
C:\WINDOWS\_DEFAULT.PIF:frwzu -> Dropper.Small.tn : Cleaned with backup (quarantined).
C:\WINDOWS\smscfg.ini:vanzp -> Dropper.Small.tn : Cleaned with backup (quarantined).
C:\Documents and Settings\Guo Liang\Cookies\guo [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\m186mg8w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\WINDOWS\IIS6.LOG:xlueem -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\KB835732.log:lwgwlv -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\KB839643-DirectX9.log:oiogne -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\KPCMS.INI:wdxfot -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\Q329909.log:fwfmq -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\Q816486.log:cdyaf -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\Q816981.log:unmdsb -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\_DEFAULT.PIF:qeogsk -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\_DEFAULT.PIF:ysono -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\crnp32.dll:jibsw -> Trojan.Agent.bi : Cleaned with backup (quarantined).
HKU\S-1-5-21-665108379-2492932848-3088651030-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26} -> Trojan.Conhook.c : Cleaned with backup (quarantined).


::Report end




Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:51:28 PM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
E:\Program Files 2\Spyware Prevention\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
E:\Program Files 2\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files 2\VolumeWatcher\SPUVolumeWatcher.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files 2\Spyware Prevention\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files 2\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = E:\Program Files 2\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: SpywareGuard.lnk = E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX25.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Creative Technology Ltd - (no file)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files 2\Spyware Prevention\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Wow there's a lot....2 posts required.

[Linkmaster]

Thats OK !!

Please run Panda's ActiveScan and perform a full system scan.
Once you are on the Panda site click the Scan your PC button (be sure to disable your popup blocker first )
A new window will open...click the big Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
Click on Local Disks to start the scan
Click on see report Then click Save report

Post a fresh HijackThis log and the Panda Scan log here

[Guest1234]

Here's the Panda Scan:

Incident Status Location

Adware:adware/searchaid Not disinfected C:\WINDOWS\n_cednbb.log
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\Q811493.log:lkjre
Adware:Adware/Winshow Not disinfected C:\WINDOWS\TSOC.LOG:xjexm
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\VTruck1.ini:abriv
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\WMSysPrx.prx:mjhch
Hacktool:HackTool/EvID Not disinfected E:\Program Files 2\PPLive TV\SynaLiveSetup.exe[EvID4226Patch.exe]



Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 5:32:15 PM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\Program Files 2\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\Program Files 2\Spyware Prevention\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
E:\Program Files 2\VolumeWatcher\SPUVolumeWatcher.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgbhp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files 2\Spyware Prevention\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files 2\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = E:\Program Files 2\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: SpywareGuard.lnk = E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX25.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Creative Technology Ltd - (no file)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files 2\Spyware Prevention\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

[Linkmaster]

OK, lets try one more scan :

Download and Extract ComboFix to your Desktop
Double click combofix.exe & follow the prompts.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
When finished, it will produce a log for you
Please post that log in your next reply

[Guest1234]

Henry - 06-09-27 18:11:58.15 Service Pack 2
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\Henry\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\download


((((((((((((((((((((((((((((((( Files Created from 2006-08-27 to 2006-09-27 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-27 18:12 -------- d-a------ C:\Program Files\Common Files
2006-09-27 17:32 -------- d-------- C:\Program Files\Hijackthis
2006-09-27 16:18 -------- d-------- C:\Program Files\Windows Media Player
2006-09-27 16:17 -------- d-------- C:\Program Files\Steam
2006-09-27 16:14 -------- d-------- C:\Program Files\QuickTime
2006-09-27 16:08 -------- d-------- C:\Program Files\Messenger
2006-09-27 15:28 778656 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
2006-09-23 17:06 -------- d-------- C:\Documents and Settings\Henry\Application Data\Aim
2006-09-20 21:09 -------- d-------- C:\Program Files\AIM
2006-09-20 17:33 -------- d-------- C:\Program Files\Starcraft
2006-09-19 23:49 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-19 23:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-19 23:09 -------- d-------- C:\Program Files\Sling Media
2006-09-19 15:46 -------- d---s---- C:\Documents and Settings\Henry\Application Data\Microsoft
2006-09-19 15:38 -------- d-------- C:\Program Files\Common Files\aol
2006-09-18 18:45 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-17 18:06 -------- d-------- C:\Documents and Settings\Henry\Application Data\uTorrent
2006-08-29 20:49 -------- d-------- C:\Program Files\Common Files\GuruNet Shared
2006-08-29 20:49 -------- d-------- C:\Program Files\1-Click Answers
2006-08-21 05:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-21 02:14 128896 --------- C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys
2006-08-09 12:17 -------- d-------- C:\Program Files\Internet Explorer
2006-08-07 11:08 27904 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
2006-07-27 06:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-21 01:24 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
2006-06-25 17:00 80944 --a------ C:\Documents and Settings\Henry\Application Data\GDIPFONTCACHEV1.DAT


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"Steam"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"YBrowser"="C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe"
"IPInSightMonitor 01"="\"C:\\Program Files\\SBC Yahoo!\\Connection Manager\\IP InSight\\IPMon32.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"iTunesHelper"="E:\\Program Files 2\\iTunes\\iTunesHelper.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableRegedit"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Update Check (D6N23N31-Owner).job
C:\WINDOWS\tasks\McAfee.com Update Check (LIFAMILY-Guo Liang).job
C:\WINDOWS\tasks\McAfee.com Update Check (LIFAMILY-Henry).job

Completion time: Wed 09/27/2006 18:12:59.46
ComboFix.txt

[Linkmaster]

Download and Unzip The Avenger© by Swandog46 to your desktop

Highlight and Copy ALL of the text inside the following Quote box to your Clipboard :

files to delete:
C:\WINDOWS\n_cednbb.log
C:\WINDOWS\Q811493.log:lkjre
C:\WINDOWS\TSOC.LOG:xjexm
C:\WINDOWS\VTruck1.ini:abriv
C:\WINDOWS\WMSysPrx.prx:mjhch

Run The Avenger
Double click the Avenger icon on your desktop
Under Script file to execute choose Input Script Manually
Click on the Magnifying Glass icon which will open a new window titled View/edit script
Paste the text you just copied to clipboard into this window by pressing Ctrl+V
Click Done
Now click on the Green Light to begin execution of the script
Answer Yes twice when prompted.
The Avenger will automatically do the following :

•Restart your computer (In cases where the code to execute contains Drivers to Unload, The Avenger will actually restart your system twice)
•On reboot, it will briefly open a black command window on your desktop, this is normal.
•After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
•The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip

Run Panda Active Scan again

Reboot and post a fresh HijackThis log and the fresh Panda Active Scan log here

[Guest1234]

Avenger couldn't delete some stuff. It seems Pandascan found another adware to replace the one that was deleted.

Avenger Log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\haheptpn

*******************

Script file located at: \??\C:\WINDOWS\system32\ghglyqhl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\n_cednbb.log deleted successfully.


Could not delete file C:\WINDOWS\Q811493.log:lkjre
Deletion of file C:\WINDOWS\Q811493.log:lkjre failed!

Could not process line:
C:\WINDOWS\Q811493.log:lkjre
Status: 0xc0000033



Could not delete file C:\WINDOWS\TSOC.LOG:xjexm
Deletion of file C:\WINDOWS\TSOC.LOG:xjexm failed!

Could not process line:
C:\WINDOWS\TSOC.LOG:xjexm
Status: 0xc0000033



Could not delete file C:\WINDOWS\VTruck1.ini:abriv
Deletion of file C:\WINDOWS\VTruck1.ini:abriv failed!

Could not process line:
C:\WINDOWS\VTruck1.ini:abriv
Status: 0xc0000033



Could not delete file C:\WINDOWS\WMSysPrx.prx:mjhch
Deletion of file C:\WINDOWS\WMSysPrx.prx:mjhch failed!

Could not process line:
C:\WINDOWS\WMSysPrx.prx:mjhch
Status: 0xc0000033


Completed script processing.

*******************

Finished! Terminate.


Panda Log

Incident Status Location

Adware:adware/searchaid Not disinfected C:\WINDOWS\n_fvctpe.txt
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\Q811493.log:lkjre
Adware:Adware/Winshow Not disinfected C:\WINDOWS\TSOC.LOG:xjexm
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\VTruck1.ini:abriv
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\WMSysPrx.prx:mjhch
Hacktool:HackTool/EvID Not disinfected E:\Program Files 2\PPLive TV\SynaLiveSetup.exe[EvID4226Patch.exe]

Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 5:43:06 PM, on 9/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
E:\Program Files 2\Spyware Prevention\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
E:\Program Files 2\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
E:\Program Files 2\VolumeWatcher\SPUVolumeWatcher.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files 2\Spyware Prevention\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files 2\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = E:\Program Files 2\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: SpywareGuard.lnk = E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX25.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Creative Technology Ltd - (no file)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files 2\Spyware Prevention\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Edited by Guest1234, 28 September 2006 - 06:53 PM.

[Linkmaster]

Open HijackThis
Click on Config, Misc Tools
Click on Open ADS Spy
Check "Ignore Safe System Info Streams"
Click the Scan button
When it has finished scanning, checkmark/tick all that it found
Click the "remove selected" button

Download Killbox© by Option^Explicit
Unzip it to the desktop but Do Not Run It Yet

Reboot to Safe mode
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Run Killbox

Select Delete on Reboot

From the main Killbox Window, Select Options, Delete on Reboot, Process all in List

Please copy the file paths below to the clipboard by highlighting ALL of them and press CTRL + C

C:\WINDOWS\n_fvctpe.txt
C:\WINDOWS\Q811493.log
C:\WINDOWS\TSOC.LOG
C:\WINDOWS\VTruck1.ini
C:\WINDOWS\WMSysPrx.prx

Return to Killbox, go to the File menu, and choose Paste from Clipboard

Click the red-and-white Delete File button

Click Yes at the Delete on Reboot prompt

Click No at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually into Normal Mode

Run Panda Active Scan again

Post the Panda Active Scan log here along with a fresh HijackThis log

Edited by Linkmaster, 09 October 2006 - 09:49 AM.

[Guest1234]

Panda Log

Incident Status Location

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Henry\Cookies\henry@com[1].txt
Adware:adware/searchaid Not disinfected C:\WINDOWS\n_pdgnow.txt
Hacktool:HackTool/EvID Not disinfected E:\Program Files 2\PPLive TV\SynaLiveSetup.exe[EvID4226Patch.exe]


Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 7:04:26 PM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
E:\Program Files 2\Spyware Prevention\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Program Files 2\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
E:\Program Files 2\VolumeWatcher\SPUVolumeWatcher.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgbhp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files 2\Spyware Prevention\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files 2\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = E:\Program Files 2\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: SpywareGuard.lnk = E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX25.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Creative Technology Ltd - (no file)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files 2\Spyware Prevention\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

[Linkmaster]

One stubborn file, but we are going to get it !!

Download About:Buster© by RubbeRDuckY
Open AboutBuster folder, then double click the AboutBuster.exe
Click "Extract all" in the box that pops up, then "Next"
Choose the location you would like to install AboutBuster, such as My Documents
Make sure "Show extracted files" is checked, then click "Finish"

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Run About:Buster
Open AboutBuster and click the "Begin Removal" button It will shut down all Explorer windows (if open) while it works.
It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
When it has finished, click Save Log

Reboot to Normal Mode

Run Panda Active Scan again !

Post the About:Buster log and the Panda Active Scan log here

[Guest1234]

I didn't get a log for the AboutBuster.

Panda Log

Incident Status Location

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Henry\Cookies\henry@cgi-bin[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Henry\Cookies\henry@clickbank[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Henry\Cookies\henry@com[1].txt
Hacktool:HackTool/EvID Not disinfected C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe
Adware:adware/searchaid Not disinfected C:\WINDOWS\n_pdgnow.txt