
pop ups



#1
itsjonny

I've been getting popups on Internet Explorer that I can't seem to get rid of. I've used the AVG antivirus, antispyware, and antirootkit products. For some reason when I tried to run the ActiveScan, the browser crashed. Here are my logs.

Logfile of HijackThis v1.99.1
Scan saved at 2:14:54 PM, on 7/19/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jessica Ann Butanda\Desktop\hijackthis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {5DD7B3BE-FDEC-4563-B038-FF80F2345B89} (Fswinst Control) - http://www.freescrat...s/fswinst01.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1184791634342
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1184791234936
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotb...ams/hbtools.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\System32\dsdhk.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\dlshqams.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

-----------uninstall list----------
2004 National Plumbing and HVAC Estimator
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5
Apple Software Update
Aquatica Waterworlds
AT&T WorldNet Setup 2.0
AVG 7.5
AVG Anti-Spyware 7.5
BroadJump Client Foundation
CCleaner (remove only)
Coloreal
Compaq Advisor
Compaq SetRefresh
CompuServe 2000
Desktop Weather by The Weather Channel
EarthLink Software
Easy Access Button Support
Easy CD Creator 5 Basic
Encarta Online
FinePixViewer Ver.4.3
FUJIFILM USB Driver
HijackThis 1.99.1
hp deskjet 3820 series (Remove only)
HP Deskjet 3840
hp instant support
HP Software Update
InterActual Player
InterVideo WinDVD
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment, SE v1.4.2_05
Microsoft Internet Explorer 6 SP1
Microsoft Works 6.0
Microsoft XML Parser and SDK
ModemXpert
MySpaceIM
Netscape 6 (6.2.1)
NetWaiting
NVIDIA Windows 2000/XP Display Drivers
Panda ActiveScan
Quicken 2002 New User Edition
Quicken Financial Center
QuickTime
RealOne Player
RelevantKnowledge
ShopperReports
SoundMAX
Sprint virtual assistant
SUPERAntiSpyware Free Edition
TestGen Plug-in from IE
Viewpoint Media Player (Remove Only)
Weather Services
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP2) [See Q329115 for more information]
Yahoo! Essentials
Yahoo! Internet Mail
Yahoo! Login
Yahoo! Messenger
Yahoo! Messenger Explorer Bar

------------
SUPERAntiSpyware Scan Log
Generated 07/17/2007 at 07:26 PM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1281

Scan type : Complete Scan
Total Scan Time : 01:30:25

Memory items scanned : 325
Memory threats detected : 1
Registry items scanned : 4391
Registry threats detected : 412
File items scanned : 40565
File threats detected : 78

RelevantKnowledge Spyware Component
C:\WINDOWS\SYSTEM32\RLLS.DLL
C:\WINDOWS\SYSTEM32\RLLS.DLL
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries0000000001
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries0000000002
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries0000000003
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries0000000004
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries0000000005
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries0000000011
C:\PROGRAM FILES\SCREENSAVERS.COM\INSTALLER\TEMP\DM154.TMP
C:\WINDOWS\SYSTEM32\RLXF.DLL

Adware.HotBar/ShopperReports (Low Risk)
HKLM\Software\Classes\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKCR\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKCR\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKCR\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\Implemented Categories
HKCR\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\InprocServer32
HKCR\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\InprocServer32#ThreadingModel
HKCR\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\ProgID
HKCR\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\TypeLib
HKCR\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\VersionIndependentProgID
C:\PROGRAM FILES\SHOPPERREPORTS\BIN\2.0.20\SHPRRPRT.DLL
HKLM\Software\Classes\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
HKCR\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
HKCR\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
HKCR\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}\InprocServer32
HKCR\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}\InprocServer32#ThreadingModel
HKCR\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}\ProgID
HKCR\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}\TypeLib
HKCR\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
HKU\S-1-5-21-1987657003-2731309904-3410288154-1008\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}

Adware.HotBar/SpamBlockerUtility (Low Risk)
HKLM\Software\Classes\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}#AppID
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\Implemented Categories
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\InprocServer32
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\InprocServer32#ThreadingModel
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\Instance
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\Instance#CLSID
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\Instance\InitPropertyBag
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\Instance\InitPropertyBag#Url
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\ProgID
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\TypeLib
HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\VersionIndependentProgID
C:\PROGRAM FILES\HBTOOLS\BIN\4.8.0.0\HBTHOSTIE.DLL
HKLM\Software\Classes\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
HKCR\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
HKCR\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
HKCR\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}\InprocServer32
HKCR\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}\InprocServer32#ThreadingModel
HKCR\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}\ProgID
HKCR\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}\Programmable
HKCR\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}\TypeLib
HKCR\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}\VersionIndependentProgID
C:\PROGRAM FILES\HBTOOLS\BIN\4.8.4.0\HBTHOSTIE.DLL
HKLM\Software\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\Control
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\Implemented Categories
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\InprocServer32
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\InprocServer32#ThreadingModel
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\Instance
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\Instance#CLSID
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\Instance\InitPropertyBag
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\Instance\InitPropertyBag#Url
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\MiscStatus
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\MiscStatus\1
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\ProgID
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\Programmable
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\ToolboxBitmap32
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\TypeLib
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\Version
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{74CC49F7-EB32-4A08-B204-948962A6E3DB}
HKCR\HbtHostIE.Bho.1
HKCR\HbtHostIE.Bho
HKCR\TypeLib\{45397063-D7D0-47C2-9508-26487608A298}
HKCR\TypeLib\{45397063-D7D0-47C2-9508-26487608A298}\1.0
HKCR\TypeLib\{45397063-D7D0-47C2-9508-26487608A298}\1.0
HKCR\TypeLib\{45397063-D7D0-47C2-9508-26487608A298}\1.0\win32
HKCR\TypeLib\{45397063-D7D0-47C2-9508-26487608A298}\1.0\FLAGS
HKCR\TypeLib\{45397063-D7D0-47C2-9508-26487608A298}\1.0\HELPDIR
HKU\S-1-5-21-1987657003-2731309904-3410288154-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{74CC49F7-EB32-4A08-B204-948962A6E3DB}
HKU\S-1-5-21-1987657003-2731309904-3410288154-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{74CC49F7-EB32-4A08-B204-948962A6E3DB}
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
HKU\S-1-5-21-1987657003-2731309904-3410288154-1008\Software\Microsoft\Internet Explorer\Explorer Bars\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}
HKU\S-1-5-21-1987657003-2731309904-3410288154-1008\Software\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}

Browser Hijacker.Apropos Media/PeopleOnPage
HKLM\Software\Classes\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\409

Adware.SearchClickAds
HKLM\Software\Classes\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}#AppID
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\InprocServer32
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\InprocServer32#ThreadingModel
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\ProgID
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\Programmable
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\TypeLib
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\VersionIndependentProgID
C:\WINDOWS\CFG32O.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKLM\SOFTWARE\zAbstract
HKLM\SOFTWARE\zAbstract#r
HKLM\SOFTWARE\zAbstract#App1
HKLM\SOFTWARE\zAbstract#App3
HKLM\SOFTWARE\zAbstract#App4
HKLM\SOFTWARE\zAbstract#App5
HKLM\SOFTWARE\zAbstract#Version
HKLM\SOFTWARE\zAbstract#BundleID
HKLM\SOFTWARE\zAbstract#Parent
HKLM\SOFTWARE\zAbstract#App2
HKLM\SOFTWARE\zAbstract#CList

Adware.webHancer
HKLM\Software\Classes\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\InprocServer32
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\InprocServer32#ThreadingModel
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\ProgID
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\Programmable
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\VersionIndependentProgID
C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid32
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib#Version
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\win32
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\FLAGS
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\HELPDIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP257\A0071681.EXE

Adware.GAIN/DashBar
HKLM\Software\Classes\CLSID\{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8}
HKCR\CLSID\{CC90CDA0-74A0-45B4-80EF-D89CA8C249B8}
HKCR\CLSID\{CC90CDA0-74A0-45B4-80EF-D89CA8C249B8}
HKCR\CLSID\{CC90CDA0-74A0-45B4-80EF-D89CA8C249B8}\InprocServer32
HKCR\CLSID\{CC90CDA0-74A0-45B4-80EF-D89CA8C249B8}\InprocServer32#ThreadingModel
HKCR\CLSID\{CC90CDA0-74A0-45B4-80EF-D89CA8C249B8}\ProgID
HKCR\CLSID\{CC90CDA0-74A0-45B4-80EF-D89CA8C249B8}\Programmable
HKCR\CLSID\{CC90CDA0-74A0-45B4-80EF-D89CA8C249B8}\TypeLib
HKCR\CLSID\{CC90CDA0-74A0-45B4-80EF-D89CA8C249B8}\VersionIndependentProgID
C:\PROGRAM FILES\DASHBAR\DASHBAR21.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8}
HKCR\DashBarToolBar.SearchScoutBandObj.1
HKCR\DashBarToolbar.SearchScoutBandObj
HKCR\TypeLib\{8642D0F2-37CC-46b7-AA5B-399E6E68C626}
HKCR\TypeLib\{8642D0F2-37CC-46b7-AA5B-399E6E68C626}\1.0
HKCR\TypeLib\{8642D0F2-37CC-46b7-AA5B-399E6E68C626}\1.0
HKCR\TypeLib\{8642D0F2-37CC-46b7-AA5B-399E6E68C626}\1.0\win32
HKCR\TypeLib\{8642D0F2-37CC-46b7-AA5B-399E6E68C626}\1.0\FLAGS
HKCR\TypeLib\{8642D0F2-37CC-46b7-AA5B-399E6E68C626}\1.0\HELPDIR

Adware.Tracking Cookie

Adware.Starware
HKCR\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}
HKCR\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}\Implemented Categories
HKCR\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
HKCR\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}\InprocServer32
HKCR\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}\InprocServer32#ThreadingModel
HKCR\CLSID\{7BED0340-176B-44BC-915E-C21C1DD6F617}
HKCR\CLSID\{7BED0340-176B-44BC-915E-C21C1DD6F617}\Implemented Categories
HKCR\CLSID\{7BED0340-176B-44BC-915E-C21C1DD6F617}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{7BED0340-176B-44BC-915E-C21C1DD6F617}\InprocServer32
HKCR\CLSID\{7BED0340-176B-44BC-915E-C21C1DD6F617}\InprocServer32#ThreadingModel

Adware.WhenU
HKCR\WUSN.1
HKCR\WUSN.1#WUSN_Id
HKCR\ACM.ACMFactory
HKCR\ACM.ACMFactory\CLSID
HKCR\ACM.ACMFactory\CurVer
HKCR\ACM.ACMFactory.1
HKCR\ACM.ACMFactory.1\CLSID
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version
HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID
HKCR\AppId\ACM.DLL
HKCR\AppId\ACM.DLL#AppID
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\win32
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version
HKLM\Software\WhenUSave
HKLM\Software\WhenUSave#db_script_update
HKLM\Software\WhenUSave#InstallDir
HKLM\Software\WhenUSave#pats_url
HKLM\Software\WhenUSave#pat_chunks_url
HKLM\Software\WhenUSave#script_url
HKLM\Software\WhenUSave#update_url
HKLM\Software\WhenUSave#ver_url
HKLM\Software\WhenUSave#extraver_url
HKLM\Software\WhenUSave#ziptomsa_url
HKLM\Software\WhenUSave#Partner
HKLM\Software\WhenUSave#InstallTime
HKLM\Software\WhenUSave#PartnerB
HKLM\Software\WhenUSave#PartnerDesc
HKLM\Software\WhenUSave#PartnerParam
HKLM\Software\WhenUSave#FullDBTime
HKLM\Software\WhenUSave#HeartbeatTime
HKLM\Software\WhenUSave#brandskin_url
HKLM\Software\WhenUSave#brandstrip_rs
HKLM\Software\WhenUSave#brandstrip_url
HKLM\Software\WhenUSave#iptomsa_url
HKLM\Software\WhenUSave#timedDBUpdate_rs
HKLM\Software\WhenUSave#uninstalltag_rs
HKLM\Software\WhenUSave#db_local_update
HKLM\Software\WhenUSave#UpdateTime
HKLM\Software\WhenUSave#TotalPartner
HKLM\Software\WhenUSave#MSA
HKLM\Software\WhenUSave#extra_url
HKLM\Software\WhenUSave#himp_url
HKLM\Software\WhenUSave#maxPopups_rs
HKLM\Software\WhenUSave#TotalPopup
HKLM\Software\WhenUSave#bstat_rs
HKLM\Software\WhenUSave#db_stamp_rs
HKLM\Software\WhenUSave#db_server_update
HKLM\Software\WhenUSave#extraupdate_rs
HKLM\Software\WhenUSave#acm_rs
HKLM\Software\WhenUSave#Version
HKLM\Software\WhenUSave#SystemParam_rs
HKLM\Software\WhenUSave#PartnerUTag
HKLM\Software\WhenUSave#LastPartner
HKLM\Software\WhenUSave#zip
HKLM\Software\WhenUSave#HeartbeatCount
HKLM\Software\WhenUSave#redir3p_url
HKLM\Software\WhenUSave#CM2_xend
HKLM\Software\WhenUSave#uninst_rs
HKLM\Software\WhenUSave#uninstall_cmd_rs
HKLM\Software\WhenUSave#dbc_chunks_rs
HKLM\Software\WhenUSave#fword_rs
HKLM\Software\WhenUSave#src_url
HKLM\Software\WhenUSave#db_ver_update
HKLM\Software\WhenUSave#IPToMsaTime_rs
HKLM\Software\WhenUSave#UrlChangeCount
HKLM\Software\WhenUSave#db_fail_cnt
HKLM\Software\WhenUSave\Partners
HKLM\Software\WhenUSave\Partners\WUSV
HKLM\Software\WhenUSave\Partners\WUSV#Partner
HKLM\Software\WhenUSave\Partners\WUSV#InstallTime
HKLM\Software\WhenUSave\Partners\WUSV#PartnerDesc
HKLM\Software\WhenUSave\Partners\WUSV#PartnerParam
C:\Program Files\Save\ACM.dll
C:\Program Files\Save\ffext.mod
C:\Program Files\Save\save.db
C:\Program Files\Save\Save.exe
C:\Program Files\Save\save.htm
C:\Program Files\Save\SaveNowupdate.exe
C:\Program Files\Save\SaveUninst.exe
C:\Program Files\Save\saveupdate.exe
C:\Program Files\Save\store.db
C:\Program Files\Save

Trojan.SpySheriff
HKU\S-1-5-21-1987657003-2731309904-3410288154-1008\Software\SpySheriff

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
C:\WINDOWS\system32\drivers\FOPN.sys

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Type
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Start
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR00
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR00#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR00#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR00#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR00#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR00#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR00#DeviceDesc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#UninstallString
C:\Program Files\Network Monitor

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Start
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#UninstallString
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE00
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE00#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE00#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE00#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE00#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE00#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE00#DeviceDesc

Trojan.Windows Overlay Components/SysMon
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#Type
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#Start
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Security
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS00
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS00#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS00#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS00#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS00#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS00#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS00#DeviceDesc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#UninstallString

Trojan.ZenoSearch
C:\WINDOWS\system32\msnav32.ax

Adware.Adservs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._

Trojan.PestTrap
HKU\S-1-5-21-1987657003-2731309904-3410288154-1008\Software\SNO2

Adware.BookedSpace
HKCR\AppID\Scaggy.DLL
HKCR\AppID\Scaggy.DLL#AppID
HKCR\Scaggy.Insert
HKCR\Scaggy.Insert\CLSID
HKCR\Scaggy.Insert\CurVer
HKCR\Scaggy.Insert.1
HKCR\Scaggy.Insert.1\CLSID
HKCR\AppID\{90A52F08-64AC-4DC6-9D7D-451667029898}
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\win32
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\FLAGS
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\HELPDIR

Adware.ClickSpring/Yazzle
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
C:\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE

Adware.IPWins
HKU\S-1-5-21-1987657003-2731309904-3410288154-1008\Software\IpWins

Malware.DriveCleaner
HKCR\UDCPChk.UDCPChk
HKCR\UDCPChk.UDCPChk\CLSID
HKCR\UDCPChk.UDCPChk\CurVer
HKCR\UDCPChk.UDCPChk.1
HKCR\UDCPChk.UDCPChk.1\CLSID
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\Implemented Categories
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\InprocServer32
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\InprocServer32#ThreadingModel
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\ProgID
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\Programmable
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\TypeLib
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\VersionIndependentProgID
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0\win32
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0\FLAGS
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0\HELPDIR
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}\ProxyStubClsid
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}\ProxyStubClsid32
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}\TypeLib
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}\TypeLib#Version
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP257\A0071752.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP257\A0071753.EXE

Adware.Zango Toolbar/Hb
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\InprocServer32
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\InprocServer32#ThreadingModel
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\ProgID
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\Programmable
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\TypeLib
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\VersionIndependentProgID

Trojan.VideoCach/Gen
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\win32
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version

Adware.Web Buying
HKU\S-1-5-21-1987657003-2731309904-3410288154-1008\Software\WebBuying

Trojan.Downloader-Gen/RetAd
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3
2907D4E66914B5C1E9E689DB6FC45715ED96D1223AD51A6C3832212339B3E4827B144 ]

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\JESSICA ANN BUTANDA\DESKTOP\CLICK TO FIND AND FIX ERRORS.URL

Adware.k8l
C:\PROGRAM FILES\WINDOWS NT\RTERELEKUK.HTML

Trojan.Downloader-Stera/WinSoftware
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP257\A0071814.EXE

Trojan.Downloader-ClickSpring/NDrv
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP257\A0073601.DLL

Adware.Unknown Origin
C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG

Trace.Known Threat Sources
C:\Documents and Settings\Emmanuel Butanda\Local Settings\Temporary Internet Files\Content.IE5\GV0X2LM1\CAYL5PKI.htm
C:\Documents and Settings\Emmanuel Butanda\Local Settings\Temporary Internet Files\Content.IE5\89ATCDEF\banner1026n[1].gif
C:\Documents and Settings\Emmanuel Butanda\Local Settings\Temporary Internet Files\Content.IE5\O7896TQR\728x90-warning-v2-s-en[1].gif