I had the elite toolbar, used a remover for that and haven't seen it since yesterday but who knows if it's really gone.
The rest has been equally as fun too.
One in particular that I have never come across before, in my AOL mail only any mail that came through yesterday, it was creating keywords of certain words within the email and creating hyperlinks that went to a site.
The rest of the stuff is the same crap, icons for party poker and what not on my desktop, pop ups and all the normal mess.
I have run the suggested programs in safe mode and ran housecalls online.
That is stating: TROJ_TL.A found and cleaned
TROJ dloader.OT can not access non cleanable
TROJ SMALL.AAL clean failed
TROJ Startpag.QY
Nothing seems to be removing everything as restarting and running a new scan shows they are still here.
I also have a log file from a trial SPYWARE Doctor that shows a whole slew of stuff but trial version does not remove anything, not really sure if buying it will remove this stuff either.
Here is my Hijack This log: (ran after second go-through with listed programs)
Logfile of HijackThis v1.99.1
Scan saved at 5:00:48 PM, on 6/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
F:\Program Files\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
F:\Program Files\Clie`\HOTSYNC.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\MUSICMATCH\mim.exe
C:\WINDOWS\wanmpsvc.exe
F:\Program Files\MUSICMATCH\MMDiag.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Spyware Apps\HijackThis.exe
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - F:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - F:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [MimBoot] F:\PROGRA~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\exp
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [Reminder] F:\program files\money\System\reminder.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - HKCU\..\Run: [uiri] C:\PROGRA~1\COMMON~1\uiri\uirim.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [b357RgesX] lfeiop.exe
O4 - Startup: SnagIt 7.lnk = F:\Program Files\SnagIt 7\SnagIt32.exe
O4 - Startup: HotSync Manager.lnk = F:\Program Files\Clie`\HOTSYNC.EXE
O4 - Global Startup: America Online Tray Icon.lnk = F:\My Documents\America Online 8.0a\aoltray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\MSPUB2~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://www.crcivr.co...tivexviewer.cab
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\bStmeter.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\security suite\ewidoguard.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
And here is my Spyware Doctor Log File: (run before the second run-through of the listed programs)
Spyware Doctor Activity Report
Generated on 6/18/2005 12:19:23 PM
Scans (basic information only):
Scan Results:
scan start: 6/18/2005 12:21:28 PM
scan stop: 6/18/2005 12:51:32 PM
scanned items: 74900
found items: 381
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner
Any help is greatly appreciated.
Thanks
Take Care
Dee
Edited by deegoofy, 18 June 2005 - 03:14 PM.