I've cleaned a couple of files. Here are my HJT and my ewido reports in SAFE MODE files...
---------------------------------------------------------
ewido security suite - Report de exploración
---------------------------------------------------------
+ Creado en: 00:34:59, 15/06/2005
+ Report-Checksum: 674C0267
+ Fecha de la base de datos: 15/06/2005
+ Versión del scanner: v3.0
+ Duración: 34 min
+ Archivos explorados: 63341
+ Velocidad: 30.70 Archivos/Segundo
+ Archivos infectados: 88
+ Archivos eliminados: 88
+ Archivos puestos en cuarentena: 88
+ Archivos que no se han podido abrir: 0
+ Archivos que no se han podido limpiar: 0
+ Carpeta: Si
+ Encriptar: Si
+ Archivos: Si
+ Items explorados:
C:\
D:\
+ Resultados de la exploración:
C:\Archivos de programa\BullsEye Network\bin\adv.exe -> Spyware.BargainBuddy.n -> Limpio con backup
C:\Archivos de programa\BullsEye Network\bin\adx.exe -> Spyware.BargainBuddy.n -> Limpio con backup
C:\Archivos de programa\SurfSideKick 3\Ssk.exe -> Spyware.SurfSide -> Limpio con backup
C:\Archivos de programa\SurfSideKick 3\SskBho.dll -> Spyware.SurfSide -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Archivos temporales de Internet\Content.IE5\856F41E3\aurora[1].exe -> Spyware.BetterInternet.c -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Archivos temporales de Internet\Content.IE5\SDIJSL27\DrPMon[1].dll -> Trojan.Agent.db -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Archivos temporales de Internet\Content.IE5\SDIJSL27\Poller[1].exe -> Spyware.BetterInternet -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Archivos temporales de Internet\Content.IE5\STE3SX23\nem220[1].dll -> TrojanDownloader.Dyfuca -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Archivos temporales de Internet\Content.IE5\STE3SX23\sploit[1].anr -> TrojanDownloader.Ani.c -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Archivos temporales de Internet\Content.IE5\STE3SX23\stat[1].htm -> TrojanDownloader.Agent.e -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\1.qtdfmp -> TrojanDownloader.Small.aue -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\2.qtdfmp -> Not-A-Virus.Hoax.Renos.a -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\5.qtdfmp -> TrojanDownloader.Small.ayc -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\6.qtdfmp -> TrojanDownloader.Small.aux -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\7.qtdfmp -> TrojanDownloader.Small.atl -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\maxdd.game -> Dialer.Generic -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\nstE.EXE -> Spyware.SmartPops -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\umqltg4cl_.exe -> Spyware.SAHA -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\vx1.game -> TrojanProxy.Small.bk -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\vx2.game -> Backdoor.Agent.iw -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\vx3.game -> TrojanDownloader.Agent.ho -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\vx4.game -> Spyware.Hijacker.Generic -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\vxt1.game -> TrojanDownloader.Small.aqt -> Limpio con backup
C:\Documents and Settings\gUzAnO\Configuración local\Temp\vxt2.game -> Trojan.LowZones.y -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@advertising[1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@atdmt[2].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@burstnet[2].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@cgi-bin[3].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@com[2].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@fastclick[1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@linksynergy[2].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@sextracker[1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@speedbit[1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@spylog[1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\guzano@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\gUzAnO\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\92Q8NP7H\loadppc[1].exe -> Spyware.Zbar -> Limpio con backup
C:\Documents and Settings\Victor\Cookies\victor@fastclick[1].txt -> Spyware.Tracking-Cookie -> Limpio con backup
C:\WINDOWS\cdmagent\kohwtcllql.exe -> Spyware.SmartPops -> Limpio con backup
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx -> Spyware.MediaTickets -> Limpio con backup
C:\WINDOWS\exdl.exe -> Spyware.BargainBuddy.q -> Limpio con backup
C:\WINDOWS\igfrerlk.exe -> Spyware.SAHA -> Limpio con backup
C:\WINDOWS\installer_SIAC.exe -> TrojanDownloader.Adload.a -> Limpio con backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Limpio con backup
C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.dk -> Limpio con backup
C:\WINDOWS\shop1003.exe -> Spyware.Sahat.m -> Limpio con backup
C:\WINDOWS\SSK3_B5.exe -> TrojanDropper.Small.qn -> Limpio con backup
C:\WINDOWS\system\svchost.dll -> Backdoor.Agent.iw -> Limpio con backup
C:\WINDOWS\system\svchost.exe -> Backdoor.Agent.iw -> Limpio con backup
C:\WINDOWS\system\svchosthook.dll -> Backdoor.Agent.iw -> Limpio con backup
C:\WINDOWS\system32\1c3bq9qp.exe -> Spyware.SAHA -> Limpio con backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.Bargainbuddy -> Limpio con backup
C:\WINDOWS\system32\exclean.exe -> Spyware.BargainBuddy -> Limpio con backup
C:\WINDOWS\system32\exdl.exe -> Spyware.BargainBuddy.q -> Limpio con backup
C:\WINDOWS\system32\exdl0.exe -> Spyware.BargainBuddy.q -> Limpio con backup
C:\WINDOWS\system32\exdl1.exe -> Spyware.BargainBuddy.q -> Limpio con backup
C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy -> Limpio con backup
C:\WINDOWS\system32\init32m.exe -> TrojanDownloader.Agent.ho -> Limpio con backup
C:\WINDOWS\system32\javexulm.vxd -> Spyware.BargainBuddy -> Limpio con backup
C:\WINDOWS\system32\maxd.exe -> Dialer.Generic -> Limpio con backup
C:\WINDOWS\system32\mqexdlm.srg -> Spyware.BargainBuddy.q -> Limpio con backup
C:\WINDOWS\system32\msbe.dll -> Spyware.BargainBuddy.n -> Limpio con backup
C:\WINDOWS\system32\vxgame1.exe -> TrojanProxy.Small.bk -> Limpio con backup
C:\WINDOWS\system32\vxgame2.exe -> Backdoor.Agent.iw -> Limpio con backup
C:\WINDOWS\system32\vxgamet1.exe -> TrojanDownloader.Small.aqt -> Limpio con backup
C:\WINDOWS\system32\vxh8jkdq1.exe -> TrojanDownloader.Small.aue -> Limpio con backup
C:\WINDOWS\system32\vxh8jkdq6.exe -> TrojanDownloader.Small.aux -> Limpio con backup
C:\WINDOWS\system32\vxh8jkdq7.exe -> TrojanDownloader.Small.atl -> Limpio con backup
C:\WINDOWS\system32\vxh8jkdq8.exe -> TrojanDownloader.Small.aue -> Limpio con backup
C:\WINDOWS\thin-114-1-x-x.exe -> Spyware.BetterInternet -> Limpio con backup
D:\Guz\hijackthis\backups\backup-20050416-141636-826.dll -> Spyware.MyWebSearch -> Limpio con backup
D:\Guz\hijackthis\backups\backup-20050416-141637-102.dll -> Spyware.WinAD.ad -> Limpio con backup
D:\Guz\hijackthis\backups\backup-20050512-150600-285.dll -> Dialer.Generic -> Limpio con backup
D:\Guz\hijackthis\backups\backup-20050604-173158-916.dll -> Spyware.SideFind -> Limpio con backup
D:\Guz\hijackthis\backups\backup-20050604-173235-539.dll -> Spyware.BargainBuddy.n -> Limpio con backup
D:\Guz\hijackthis\backups\backup-20050614-225901-248.dll -> Spyware.SmartPops -> Limpio con backup
D:\Guz\hijackthis\backups\backup-20050614-225902-783.dll -> Spyware.Zbar -> Limpio con backup
D:\Guz\hijackthis\backups\backup-20050614-225906-777.dll -> Spyware.MediaTickets -> Limpio con backup
Subtract Report
--------------------------------- SpySubtract session started ---------------------------------
Machine=WORMS-FRX0MJ2EJ
Time=Tue Jun 14 23:38:14 2005
Product Version=3, 0, 0, 29
OS Version=Microsoft Windows XP Professional Service Pack 1 (Build 2600)
Started Scanning
Programs in Memory
Programs in Memory: Found 'optimize.exe' in 'C:\Documents and Settings\gUzAnO\Internet Optimizer'
Programs in Memory: Found 'bargains.exe' in 'C:\Archivos de programa\BullsEye Network\bin'
Finished Scanning
IE Plugins: Found '{F4E04583-354E-4076-BE7D-ED6A80FD66DA}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
IE Plugins: Found 'CLSID' in 'SOFTWARE\Microsoft\Internet Explorer\Toolbar'
IE Plugins: Found '{02EE5B04-F144-47BB-83FB-A60BD91B74A9}' in 'Software\Microsoft\Internet Explorer\URLSearchHooks'
Web Browser Security Settings: Found 'WarnOnZoneCrossing' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Web Browser Security Settings: Found 'Download with DAP' in 'Software\Microsoft\Internet Explorer\MenuExt\&Download with &DAP'
Web Browser Security Settings: Found 'Download all with DAP' in 'Software\Microsoft\Internet Explorer\MenuExt\Download &all with DAP'
Web Browser Security Settings: Found 'Exportar a Microsoft Excel' in 'Software\Microsoft\Internet Explorer\MenuExt\E&xportar a Microsoft Excel'
Windows Policy Settings: Found 'restrictanonymous' in 'SYSTEM\CurrentControlSet\Control\Lsa'
Windows Policy Settings: Found 'forceunlocklogon' in 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Windows Policy Settings: Found 'AUOptions' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
Services: Found 'ATI Smart' in ''
Services: Found 'ewido security suite control' in ''
Services: Found 'ewido security suite guard' in ''
Services: Found 'kavsvc' in ''
Windows Shell Settings: Found '{54D9498B-CF93-414F-8984-8CE7FDE0D391}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
Windows Shell Settings: Found 'ewido' in 'SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ewido'
Windows Shell Settings: Found 'Kaspersky Anti-Virus' in 'SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Kaspersky Anti-Virus'
Windows Shell Settings: Found 'Kaspersky Anti-Virus' in 'SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus'
Windows Shell Settings: Found '{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found 'AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Desktop' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'NetHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'PrintHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Local Settings' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Local AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'My Pictures' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'My Music' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Administrative Tools' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CD Burning' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'My Video' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Desktop' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'NetHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'PrintHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'My Pictures' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Local Settings' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Local AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Documents' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Desktop' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CommonPictures' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CommonMusic' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CommonVideo' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Administrative Tools' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Desktop' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Documents' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Program Startup Areas: Found 'Zone Labs Client' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Scanning is stopping...
--------------------------------- SpySubtract session started ---------------------------------
Machine=WORMS-FRX0MJ2EJ
Time=Tue Jun 14 23:59:35 2005
Product Version=3, 0, 0, 29
OS Version=Microsoft Windows XP Professional Service Pack 1 (Build 2600)
Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
CoolWebSearch Variants (CWShredder)
CoolWebSearch Variants (CWShredder): Found 'CWS.MSConfig' in ''
Finished Scanning
Started Scanning
CoolWebSearch Variants (CWShredder)
CoolWebSearch Variants (CWShredder): Found 'CWS.MSConfig' in ''
Finished Scanning
Started Scanning
Internet Cookies
Internet Cookies: Found '2o7.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'ads.pointroll.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'advertising.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'atdmt.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'atwola.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'belnk.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'bluestreak.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'burstnet.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'casalemedia.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'imrworldwide.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'com.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'counter.hitslink.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'dist.belnk.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'doubleclick.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'fastclick.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'impresionesweb.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'linksynergy.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'maxserving.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'mediaplex.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'revenue.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'servedby.advertising.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'sextracker.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'spylog.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'statcounter.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'tribalfusion.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'www.shopathomeselect.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'xxxtoolbar.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'z1.adserver.com' in 'Internet Explorer Cache'
CoolWebSearch Variants (CWShredder)
CoolWebSearch Variants (CWShredder): Found 'CWS.MSConfig' in ''
Programs in Memory
Windows Registry
Windows Registry: Found '' in 'Software\SpeedBit\Download Accelerator'
Windows Registry: Found '' in 'Software\SpeedBit\Download Accelerator\ADS'
Windows Registry: Found '' in 'Software\SpeedBit\Download Accelerator\ADS\Default'
Windows Registry: Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger'
Windows Registry: Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\Always'
Windows Registry: Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\WhenFound'
Windows Registry: Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\WhenNotFound'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\InprocServer32'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\ProgID'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\VersionIndependentProgID'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\InprocServer32'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\ProgID'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\VersionIndependentProgID'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}\InProcServer32'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}\ProgID'
Windows Registry: Found '' in 'SOFTWARE\Classes\DAPIE.Catcher.1\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\DAPIE.Catcher\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE.1'
Windows Registry: Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE.1\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE\CurVer'
Windows Registry: Found '' in 'SOFTWARE\Classes\DAPNS.Protocol.1'
Windows Registry: Found '' in 'SOFTWARE\Classes\DAPNS.Protocol.1\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\ProxyStubClsid'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\ProxyStubClsid32'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\0\win32'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\FLAGS'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\HELPDIR'
Windows Registry: Found '' in 'SOFTWARE\SpeedBit\Download Accelerator\Updates'
Windows Registry: Found '' in 'SOFTWARE\Bargains'
Windows Registry: Found '' in 'SOFTWARE\Classes\DyFuCA_BH.BHObj.1\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\0\win32'
Windows Registry: Found '' in 'S-1-5-21-299502267-1292428093-1801674531-1003\SOFTWARE\Avenue Media'
Windows Registry: Found '' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found '' in 'SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper'
Windows Registry: Found '' in 'SOFTWARE\Classes\DyFuCA_BH.BHObj'
Windows Registry: Found '' in 'SOFTWARE\Classes\DyFuCA_BH.BHObj.1'
Windows Registry: Found '' in 'SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer'
Windows Registry: Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer'
Windows Registry: Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\ProxyStubClsid'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\ProxyStubClsid32'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\FLAGS'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\HELPDIR'
Windows Registry: Found '403' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found '404' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found '410' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found '500' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found 'CLS' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found 'ID' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found 'InstallT' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found 'PendingRemoval' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found 'RID' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found 'ServerVisited' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found 'TAC' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found 'TargetDir' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found 'UpdateInterval' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found 'Version' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Windows Registry: Found 'ModuleFileName' in 'SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper'
Windows Registry: Found 'Options' in 'SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper'
Windows Registry: Found 'Version' in 'SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper'
Windows Registry: Found 'DisplayIcon' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer'
Windows Registry: Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer'
Windows Registry: Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer'
Windows Registry: Found '' in 'SOFTWARE\eXactUtil'
Windows Registry: Found '' in 'SOFTWARE\Classes\ADP.UrlCatcher'
Windows Registry: Found '' in 'SOFTWARE\Classes\ADP.UrlCatcher.1'
Windows Registry: Found '' in 'SOFTWARE\Classes\ADP.UrlCatcher.1\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\ADP.UrlCatcher\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\ProgID'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\VersionIndependentProgID'
Windows Registry: Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32'
Windows Registry: Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}'
Windows Registry: Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy'
Windows Registry: Found 'DisplayIcon' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy'
Windows Registry: Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy'
Windows Registry: Found 'DisplayVersion' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy'
Windows Registry: Found 'NoModify' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy'
Windows Registry: Found 'NoRepair' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy'
Windows Registry: Found 'Publisher' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy'
Windows Registry: Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy'
Windows Registry: Found 'URLInfoAbout' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}\ProxyStubClsid'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}\ProxyStubClsid32'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}\ProxyStubClsid'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}\ProxyStubClsid32'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0\0\win32'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0\FLAGS'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0\HELPDIR'
Windows Registry: Found '' in 'SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1'
Windows Registry: Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick'
Windows Registry: Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick'
Windows Registry: Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0\0'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\Programmable'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.StockBar\CurVer'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.StockBar\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.StockBar.1\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.StockBar.1'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.StockBar'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.ParamWr\CurVer'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.ParamWr\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.ParamWr.1\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.ParamWr.1'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.ParamWr'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.activator\CurVer'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.activator\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.activator.1\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.activator.1'
Windows Registry: Found '' in 'SOFTWARE\Classes\ZToolbar.activator'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}\1.0\HELPDIR'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}\1.0\FLAGS'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}\1.0\0\win32'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}\1.0\0'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}\1.0'
Windows Registry: Found '' in 'SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}\ProxyStubClsid32'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}\ProxyStubClsid'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}\ProxyStubClsid32'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}\ProxyStubClsid'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\ProxyStubClsid32'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\ProxyStubClsid'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\VersionIndependentProgID'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\Version'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\ToolboxBitmap32'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\Programmable'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\ProgID'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\MiscStatus\1'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\MiscStatus'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\InprocServer32'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\Control'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\VersionIndependentProgID'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\Programmable'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\ProgID'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\InprocServer32'
Internet URL Shortcuts
Files and Directories
Files and Directories: Found '' in 'C:\Archivos de programa\BullsEye Network'
Files and Directories: Found '' in 'C:\Archivos de programa\BullsEye Network\bin'
Files and Directories: Found 'adv.exe' in 'C:\Archivos de programa\BullsEye Network\bin'
Files and Directories: Found 'adx.exe' in 'C:\Archivos de programa\BullsEye Network\bin'
Files and Directories: Found 'nem220[1].dll' in 'C:\Documents and Settings\gUzAnO\Configuración local\Archivos temporales de Internet\Content.IE5\STE3SX23'
Files and Directories: Found 'optimize.exe' in 'C:\WINDOWS'
Files and Directories: Found 'bbchk.exe' in 'C:\WINDOWS\system32'
Files and Directories: Found 'exul.exe' in 'C:\WINDOWS\system32'
Files and Directories: Found 'javexulm.vxd' in 'C:\WINDOWS\system32'
Files and Directories: Found 'Drweb32.dll' in 'D:\Archivos de programa\Ahead\Nero'
Files and Directories: Found 'DRWEBASE.VDB' in 'D:\Archivos de programa\Ahead\Nero'
Files and Directories: Found 'backup-20050416-141636-826.dll' in 'D:\Guz\hijackthis\backups'
Finished Scanning
HJT report
Logfile of HijackThis v1.99.1
Scan saved at 23:54:36, on 14/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\dwwin.exe
D:\Guz\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Zone Labs Client] D:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: DigiDoc.lnk = D:\Archivos de programa\Chaintech\DigiDoc\DigiDoc.exe
O4 - Global Startup: SpySubtract.lnk = D:\Archivos de programa\InterMute\Nueva carpeta\SpySub.exe
O8 - Extra context menu item: &Download with &DAP - D:\ARCHIV~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\ARCHIV~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\ARCHIV~1\DAP\DAP.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1118531826405
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - D:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Archivos de programa\ewido\security suite\ewidoguard.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ad-Aware Report
Ad-Aware SE Build 1.06r1
Logfile Created on:Miércoles, 15 de Junio de 2005 11:13:58
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R50 13.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):25 total references
DyFuCA(TAC index:3):5 total references
MRU List(TAC index:0):28 total references
SahAgent(TAC index:9):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
15-06-2005 11:13:58 - Scan started. (ADS scan)
Performing deep Scan and listing Alternate Data Streams...
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SahAgent Object Recognized!
Type : File
Data : A0013097.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{331D3E74-13D6-44A2-9761-448CAADE1705}\RP73\
FileVersion : 4, 0, 2, 3
ProductVersion : 4, 0, 2, 3
BargainBuddy Object Recognized!
Type : File
Data : A0013106.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{331D3E74-13D6-44A2-9761-448CAADE1705}\RP73\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adv
CompanyName : eXact Advertising
InternalName : adv
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adv.exe
BargainBuddy Object Recognized!
Type : File
Data : A0013107.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{331D3E74-13D6-44A2-9761-448CAADE1705}\RP73\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adx
CompanyName : eXact Advertising
InternalName : adx
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adx.exe
BargainBuddy Object Recognized!
Type : File
Data : A0013111.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{331D3E74-13D6-44A2-9761-448CAADE1705}\RP73\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe
SahAgent Object Recognized!
Type : File
Data : A0013112.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{331D3E74-13D6-44A2-9761-448CAADE1705}\RP73\
FileVersion : 4, 0, 2, 3
ProductVersion : 4, 0, 2, 3
DyFuCA Object Recognized!
Type : File
Data : A0013115.exe
TAC Rating : 3
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{331D3E74-13D6-44A2-9761-448CAADE1705}\RP73\
BargainBuddy Object Recognized!
Type : File
Data : A0013124.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{331D3E74-13D6-44A2-9761-448CAADE1705}\RP73\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe
BargainBuddy Object Recognized!
Type : File
Data : A0013125.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{331D3E74-13D6-44A2-9761-448CAADE1705}\RP73\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe
BargainBuddy Object Recognized!
Type : File
Data : A0013126.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{331D3E74-13D6-44A2-9761-448CAADE1705}\RP73\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe
BargainBuddy Object Recognized!
Type : File
Data : A0013127.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{331D3E74-13D6-44A2-9761-448CAA
Edited by gUzAnO, 15 June 2005 - 09:43 AM.