So much viruses + spyware


  • This topic is locked

#1
crapaware866

    Member

Hi!

I received a computer from a family relative to find out it has so many viruses and other bad things on here like 180search assistant, my search bar, etc.
I can't uninstall certain programs either! Please help me!

HJT log. Thank you and happy holidays!

Logfile of HijackThis v1.99.1
Scan saved at 2:57:18 AM, on 12/25/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\sdksf32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\BCMDMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\MyWay\bar\3.bin\mwsoemon.exe
C:\WINNT\system32\winmr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\System32\MsiExec.exe
C:\WINNT\system32\PRISMSVR.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\PRISMSVC.EXE
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\ukbzm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ukbzm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\ukbzm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\ukbzm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ukbzm.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\ukbzm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B2AA2428-4F52-2D81-3E87-7BF45722CB9D} - C:\WINNT\system32\sdkwe.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [winmr32.exe] C:\WINNT\system32\winmr32.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWay\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Verizon Online\WinPoET\Verizon Online.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.originali...mbers/arrtv.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c3.cab
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsyste...m/dm/dm_286.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://noteshub.rose...a.us/iNotes.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downlo.../EGDHTML_US.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldw...gsaw/jigsaw.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downlo...aries/IA/ia.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...lim/install.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://mirror.worldw...sol/golfsol.cab
O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINNT\SYSTEM32\PRISMAPI.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINNT\system32\PRISMSVC.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINNT\zeta.exe
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINNT\sdksf32.exe
#2
Daemon

    Security Expert

Some real old infections on there. Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit Enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the results of the AVG Anti-Spyware report scan. Then do this - download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.


#3
crapaware866

    Member

Hi! Thanks for helping me. Here are your logs.

Logfile of HijackThis v1.99.1
Scan saved at 4:54:41 PM, on 12/25/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PRISMSVC.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PRISMSVR.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {F3DCBB26-3512-0E64-E7FA-A7FCD0FBD3E9} - C:\WINNT\sysvx32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWay\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Verizon Online\WinPoET\Verizon Online.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.originali...mbers/arrtv.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c3.cab
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsyste...m/dm/dm_286.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://noteshub.rose...a.us/iNotes.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downlo.../EGDHTML_US.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldw...gsaw/jigsaw.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downlo...aries/IA/ia.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...lim/install.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://mirror.worldw...sol/golfsol.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINNT\SYSTEM32\PRISMAPI.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINNT\system32\PRISMSVC.EXE
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINNT\sdksf32.exe (file missing)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:36:11 PM 12/25/2006

+ Scan result:



C:\temp\salm.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\temp\salmhook.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-789336058-1708537768-500\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Adware.AdDestroyer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Adware.AdDestroyer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Adware.AdDestroyer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Adware.AdDestroyer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Mwsvm -> Adware.AdRotator : Cleaned with backup (quarantined).
C:\Documents and Settings\\Local Settings\Temp\Temporary Internet Files\Content.IE5\6NGXG16T\asmfiles[1].cab/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\\Local Settings\Temp\Temporary Internet Files\Content.IE5\6NGXG16T\asmfiles[1].cab/asmps.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\DMinfo2.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\Setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\adm25.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\adm4.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\admdata.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\admdloader.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\admfdi.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\admprog.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\dminstall3.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\dminstall7.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINNT\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Program Files\BullsEye Network -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\BullsEye Network\Uninstall.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\BullsEye Network\ad.dat -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\BullsEye Network\bin -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\BullsEye Network\bin\adv.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\BullsEye Network\bin\adx.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\BullsEye Network\bin\bargains.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\BullsEye Network\ub.dat -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\angelex.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\exdl0.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\exdl1.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\exul1.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\netut80ex.vxd/C:/WINNT/system32/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\netut80ex.vxd/C:/WINNT/system32/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\netut80ex.vxd/C:/WINNT/system32/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\netut80ex.vxd/C:/WINNT/system32/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\zeta.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Bargains -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADP.UrlCatcher.1 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\eXactUtil -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Dbi -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\\Local Settings\Temp\bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\\Local Settings\Temp\biU.cab/bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\\Local Settings\Temp\biU.cab/preInsBI.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\\Local Settings\Temp\preInsBI.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINNT\bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINNT\preInsBI.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINNT\system32\biU.exe/bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINNT\system32\biU.exe/preInsBI.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINNT\system32\newdevin.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Bookedspace -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Bookedspace\adware -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Program Files\ClearSearch\CSSS.DLL -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\ClearSearch\IE_ClrSch.DLL -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\Program Files\Comet Systems\DM\bin\cssecure.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Comet Systems\DM\bin\dmproxy.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Comet Systems\DM\bin\dmserver.exe -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Comet Systems\DM\temp\pckg12120949\CSAppUtil.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Comet Systems\DM\temp\pckg12120949\CSBHO.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Comet Systems\DM\temp\pckg12120949\CSBand.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Comet Systems\DM\temp\pckg12120949\CSEng.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Comet Systems\DM\temp\pckg12120949\CSIETB.dll_NT -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Comet Systems\DM\temp\pckg12120949\CSUtil.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Comet Systems\DM\temp\pckg12120949\ComUtil.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Comet Systems\DM\temp\pckg12120949\FileUtil.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Comet Systems\DM\temp\pckg12120949\comet.exe -> Adware.Comet : Cleaned with backup (quarantined).

Edited by crapaware866, 25 December 2006 - 03:56 PM.

#4
crapaware866

Here's the extra SUPERAntiSpyware report... for some reason it would not all go onto one post.

SUPERAntiSpyware Scan Log
Generated 12/25/2006 at 03:20 PM

Application Version : 3.4.1000

Core Rules Database Version : 3153
Trace Rules Database Version: 1170

Scan type : Complete Scan
Total Scan Time : 00:49:52

Memory items scanned : 297
Memory threats detected : 1
Registry items scanned : 4094
Registry threats detected : 127
File items scanned : 52844
File threats detected : 213

Adware.MyWebSearch
C:\PROGRA~1\MYWAY\BAR\3.BIN\MWSOEMON.EXE
C:\PROGRA~1\MYWAY\BAR\3.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWAY\BAR\3.BIN\MWSOEMON.EXE

Adware.Tracking Cookie

Adware.MyWay

Unclassified.Unknown Origin
HKCR\CLSID\{FF25AC2A-8BAA-49EE-5C73-483F22B4B257}
HKCR\CLSID\{FF25AC2A-8BAA-49EE-5C73-483F22B4B257}\Data

Parasite.CoolWebSearch Variant
HKCR\CLSID\{69C0CE95-FBC7-0346-F278-207DE174E121}
HKCR\CLSID\{69C0CE95-FBC7-0346-F278-207DE174E121}\Data

Trojan.SmartFinder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA#UninstallString

Adware.BookedSpace

Adware.Spyware Labs/Virtual Bouncer
C:\Program Files\AdDestroyer
C:\DOCUMENTS AND SETTINGS\\LOCAL SETTINGS\TEMP\GLB145.TMP

Adware.ClearSearch

Adware.Second Thought
C:\WINNT\SYSTEM32\STCLOADER.EXE
C:\PROGRAM FILES\STC\STC.EXE

Trojan.Instant Access
C:\WINNT\SYSTEM32\EGDHTML_1025.DLL

TargetSaver, Inc. Process
C:\DOCUMENTS AND SETTINGS\\LOCAL SETTINGS\TEMP\GLF248GLF248.EXE
C:\DOCUMENTS AND SETTINGS\\LOCAL SETTINGS\TEMP\GLF260GLF260.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\GLF1AGLF1A.EXE
C:\TEMP\POOTZ_58.EXE

Browser Hijacker.Favorites


(NOTE: THIS WAS NOT MY COMPUTER) I DID NOT DO ANY ACTIVITY ON THIS COMPUTER UNTIL YESTERDAY BY TRYING TO POST MY LOGS. THAT'S IT. THANK YOU.
  • 0

#5
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Let's see if this clears the remainder - go to Start->Run and type Services.msc then hit Ok. Scroll down and find the service called "Network Security Service". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2
O2 - BHO: (no name) - {F3DCBB26-3512-0E64-E7FA-A7FCD0FBD3E9} - C:\WINNT\sysvx32.dll (file missing)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.originali...mbers/arrtv.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c3.cab
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsyste...m/dm/dm_286.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downlo.../EGDHTML_US.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downlo...aries/IA/ia.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...lim/install.cab


Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.
  • 0

#6
crapaware866

    Member

  • Topic Starter
  • Member
  • 23 posts
Hi Daemon

In services.msc it was already stopped, so I didn't touch it. I didn't wanna mess with it, I got scared!

Here's the log. Thank you so much.

Logfile of HijackThis v1.99.1
Scan saved at 2:30:45 PM, on 12/26/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PRISMSVC.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PRISMSVR.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell Wireless\PRISMCFG.EXE
C:\WINNT\System32\SCardSvr.exe
C:\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://noteshub.rose...a.us/iNotes.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldw...gsaw/jigsaw.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://mirror.worldw...sol/golfsol.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINNT\SYSTEM32\PRISMAPI.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINNT\system32\PRISMSVC.EXE
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINNT\sdksf32.exe (file missing)
  • 0

#7
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Please disable it as described in my previous post, reboot and post a new HJT log.
  • 0

#8
crapaware866

    Member

  • Topic Starter
  • Member
  • 23 posts
Sorry for not disabling. Here's the new log.

Logfile of HijackThis v1.99.1
Scan saved at 4:34:28 PM, on 12/26/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PRISMSVC.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PRISMSVR.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://noteshub.rose...a.us/iNotes.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldw...gsaw/jigsaw.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://mirror.worldw...sol/golfsol.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINNT\SYSTEM32\PRISMAPI.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINNT\system32\PRISMSVC.EXE
  • 0

#9
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
That's better. I see Norton has disappeared from your system - don't you have an antivirus now?
  • 0

#10
crapaware866

    Member

  • Topic Starter
  • Member
  • 23 posts
Yes, I deleted Norton as it was expired.

I will get AVG ASAP.

How am I running any more malware?
  • 0

#11
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Your log looks OK now - tell me how it's running.
  • 0

#12
crapaware866

    Member

  • Topic Starter
  • Member
  • 23 posts
Still a little slow..

Boot up is slow...

Thx for the help.
  • 0

#13
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
A slow computer does not mean there is malware present. I don't see anything in your Hijack This log to indicate that your problem is malware related. I will post the following info to get you started in the right direction, but if you need further help with this you will have to post a new topic in the proper Operating System Forum.

Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently:

Disk Cleanup:

http://www.theelderg...nup_utility.htm

Defrag your HD:

http://artsweb.bham....rag-win2kxp.htm

Run chkdsk:

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

Remove unnecessary startups

In your HijackThis log, all the entries that are prefixed by O4 are the programs that start when you turn your machine on. If you go here:

http://castlecops.com/StartupList.html

you can check each one individually. For any that have a U or N status, you can decide whether to stop them at start-up.

To do this, click here to download Spybot Search & Destroy v1.4 - install, update, scan and fix all RED items it finds. Reboot when done. Open the program again, click Mode>Advanced mode>Tools>System Startup and disable the entries you no longer want by clicking the little box so that the checkmark is removed. Do not delete them and don't disable any system start-ups. Reboot.

Let me know if this helps.

Edited by Daemon, 27 December 2006 - 03:15 AM.

  • 0
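An added example (not part of the thread and not HijackThis's own code): a small Python triage of the HijackThis lines discussed in posts #5 and #13. It lists the O4 start-up entries and flags lines for manual review; the function names and the review heuristics are assumptions drawn from the entries in this thread, and the sample lines are copied from the logs above.

```python
import re

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\viryz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {F3DCBB26-3512-0E64-E7FA-A7FCD0FBD3E9} - C:\WINNT\sysvx32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINNT\system32\PRISMSVC.EXE
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINNT\sdksf32.exe (file missing)
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_log(text):
    """Return [(code, body), ...] for every section entry, in log order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def startup_entries(entries):
    """Split each O4 entry into (location, name, command)."""
    result = []
    for code, body in entries:
        if code != "O4":
            continue
        # "C:\..." never contains ": ", so the first ": " ends the location.
        location, _, rest = body.partition(": ")
        if rest.startswith("["):
            # Registry Run value: "[value name] command line"
            name, _, command = rest[1:].partition("] ")
        else:
            # Startup-folder shortcut: "shortcut.lnk = target"
            name, _, command = rest.partition(" = ")
        result.append((location, name, command))
    return result


def review_reasons(code, body):
    """Heuristics (assumptions based on this thread), not verdicts."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("target file is missing (orphaned entry)")
    if code in ("R0", "R1") and " = res://" in body:
        reasons.append("IE page setting points into a local DLL resource")
    if code == "O16" and "file://" in body:
        reasons.append("ActiveX codebase is a local file")
    if code == "O23" and "Unknown owner" in body:
        reasons.append("service binary has no identifiable owner")
    return reasons


def flag_for_review(entries):
    """Return [(code, body, [reasons])] for entries a helper should look at."""
    flagged = []
    for code, body in entries:
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Start-up entries (O4):")
    for location, name, command in startup_entries(parsed):
        print(f"  {location:<16} {name:<22} {command}")
    print("Review manually:")
    for code, body, reasons in flag_for_review(parsed):
        print(f"  {code:<4} {body}")
        for reason in reasons:
            print(f"       - {reason}")
```

A flagged line only marks an entry to check by hand, as was done in this thread; the unflagged `about:blank` setting in post #5 shows that context still matters.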

#14
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





