Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HJT log [CLOSED]


  • This topic is locked This topic is locked

#16
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Edited by Guse, 31 August 2005 - 09:55 PM.

  • 0

Advertisements


#17
frogpop

frogpop

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Need a vx2 fixer for Win98, please.
  • 0

#18
frogpop

frogpop

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here is a log from a scan by xoftspy:

<?xml version = "1.0"?>
<Session START = "04 Sep 05 18:57:04" END = "04 Sep 05 18:57:04">
<Information Version = "4.15" DatabaseVersion = "111" DataBaseDate = "31 Aug 2005"/>
<Information OS = "OS_WIN98"/>
<Information ServicePack = "Unknown or None"/>
<Information WorkingDirectory = "C:\PROGRAM FILES\XOFTSPY\"/>
<Information Option = "AdvSpyware Scan" State = "ON"/>
<Information Option = "Scan IE Favorites" State = "ON"/>
<Information Option = "Scan Host Files" State = "ON"/>
<Information Option = "Scan Drives" State = "ON"/>
<Information Option = "Do Not Scan Executables" State = "OFF"/>
<Information Option = "Scan Registry" State = "ON"/>
<Information Option = "Scan Active Processes" State = "ON"/>
<Information Option = "Automatic Database Update" State = "OFF"/>
<Information Option = "Automatic Program Update" State = "OFF"/>
<Information Option = "Automatic Removal" State = "OFF"/>
<Information Option = "Exit When Finished" State = "OFF"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows\CurrentVersion\RunServices"/>
<Information Value = "LicCtrl" Data = "runservice.exe" MD5 = "29fab5363138f6e322f4cd780ed9d337" Path = "C:\WINDOWS\runservice.exe"/>
<Information Value = "ADService" Data = "C:\Program Files\Iomega\AutoDisk\ADService.exe" MD5 = "d0af4a32079a42134b9a1d76f0088b78" Path = ""/>
<Information Value = "LoadPowerProfile" Data = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"/>
<Information Value = "SchedulingAgent" Data = "C:\WINDOWS\SYSTEM\mstask.exe" MD5 = "621ff7e2adff166af147e73567d2aba8" Path = ""/>
<Information Value = "SSDPSRV" Data = "C:\WINDOWS\SYSTEM\ssdpsrv.exe" MD5 = "e162b4f2dfe6e899ef81ea6f1bc507ee" Path = ""/>
<Information Value = "KB891711" Data = "C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE" MD5 = "cbd841775a04e82b2828fc301aafee70" Path = ""/>
<Information Value = "kavsvc" Data = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe" MD5 = "f808c3c3206793ef1e2f5df4624d10c1" Path = ""/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "Taskbar Display Controls" Data = "RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "ScanRegistry" Data = "C:\WINDOWS\scanregw.exe /autorun" MD5 = "661d6dc4707b0110bfd7d4da4ccb86cc" Path = ""/>
<Information Value = "TaskMonitor" Data = "C:\WINDOWS\taskmon.exe" MD5 = "e3638df27264132f18b43802c96efbba" Path = ""/>
<Information Value = "SystemTray" Data = "SysTray.Exe"/>
<Information Value = "HPSCANMonitor" Data = "C:\WINDOWS\SYSTEM\hpsjvxd.exe" MD5 = "6034299ac0f9da7572293076bb7e4b26" Path = ""/>
<Information Value = "StillImageMonitor" Data = "C:\WINDOWS\SYSTEM\STIMON.EXE" MD5 = "0613611d2c79751238dea0aef83f6303" Path = ""/>
<Information Value = "Adaptec DirectCD" Data = "C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE" MD5 = "28db916018236f98b0b747278a59d638" Path = ""/>
<Information Value = "WinampAgent" Data = "C:\PROGRAM FILES\WINAMP\WINAMPa.exe" MD5 = "15f43e35a395b4131c9fbc077d3f93fc" Path = ""/>
<Information Value = "QuickTime Task" Data = "C:\WINDOWS\SYSTEM\QTTASK.EXE" MD5 = "4961601fdc07cf7b4f86986a715662bd" Path = ""/>
<Information Value = "ADUserMon" Data = "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" MD5 = "fc783a6eb17d823330056f2b6dd9f789" Path = ""/>
<Information Value = "LoadPowerProfile" Data = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"/>
<Information Value = "EPSON Stylus CX4600 Series" Data = "C:\WINDOWS\SYSTEM\E_S5I2A1.EXE /P26 EPSON Stylus CX4600 Series /O20 \\OZZSERVER\EPSONSty /M Stylus CX4600" MD5 = "3758bb30e224d88bc1027b9302635429" Path = ""/>
<Information Value = "ICSDCLT" Data = "C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient" MD5 = "9ef36c1b50cb6f80deb943c622604fda" Path = ""/>
<Information Value = "vidctrl" Data = "C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE" MD5 = "d98b737bf224bf173fb7badf485a20ff" Path = ""/>
<Information Value = "Zqaokx" Data = "C:\PROGRAM FILES\FDKPBF\HRZVVPQ.EXE"/>
<Information Value = "NaviSearch" Data = "C:\Program Files\NaviSearch\bin\nls.exe"/>
<Information Value = "CashBack" Data = "C:\Program Files\CashBack\bin\cashback.exe"/>
<Information Value = "KAVPersonal50" Data = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize" MD5 = "c38b30ba289e9f52d2e90788d5a8b252" Path = ""/>
<Information Value = "Nsv" Data = "C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe" MD5 = "016645ad95781969367a4500aeea456f" Path = ""/>
<Information Value = "ifq5e4sn" Data = "C:\WINDOWS\SYSTEM\ifq5e4sn.exe" MD5 = "418b9953712cea2a79ff6a75eef6902c" Path = ""/>
<Information Value = "ZStart" Data = "C:\WINDOWS\SYSTEM\PPDXREGU.EXE DO0605"/>
<Information Value = "SysStart" Data = "C:\WINDOWS\SYSTEM\RSYSRW2D.EXE DO0605" MD5 = "bae3c03b44943391331337179b08a165" Path = ""/>
<Information Value = "stb" Data = "C:\WINDOWS\SYSTEM\stb.exe" MD5 = "f9d67c581e8fea4fc637eaff2461c7b9" Path = ""/>
<Information Value = "liv0ib4t" Data = "C:\WINDOWS\SYSTEM\liv0ib4t.exe" MD5 = "418b9953712cea2a79ff6a75eef6902c" Path = ""/>
<Information Value = "0.53" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.49" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.23" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.81" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "PSof1" Data = "C:\WINDOWS\SYSTEM\PSof1.exe" MD5 = "b951d3fc8ecf2f47db7eed13aec465ad" Path = ""/>
<Information Value = "0.97" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.83" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.63" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "MedGS" Data = "C:\WINDOWS\SYSTEM\MEDGS1.exe" MD5 = "fced25c61960674fe1d81d7dc1240428" Path = ""/>
<Information Value = "0.61" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.17" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.77" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.64" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.76" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.69" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.75" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.30" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "8.90" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.55" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.79" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.91" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.54" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.86" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.71" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.43" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.57" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "1.61" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information Value = "0.16" Data = "C:\WINDOWS\EXE82.exe" MD5 = "2accada0d40675f839565ab815985760" Path = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"/>
<Information Value = "WebCheck" Data = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"/>
<Information Value = "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" Data = "Browseui preloader"/>
<Information Value = "{8C7461EF-2B13-11d2-BE35-3078302C2030}" Data = "Component Categories cache daemon"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\OLE"/>
<Information Value = "EnableDCOM" Data = "Y"/>
<Information Value = "EnableRemoteConnect" Data = "N"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\PROTOCOLS\Filter\text/html"/>
<Information Value = "" Data = "QuickLinks MIME Filter"/>
<Information Value = "CLSID" Data = "{DFAA31C8-A356-4313-9D95-5EDAB46C5070}"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "ChannelsURL" Data = "http://www.iechannel...en/en_us.asp"/>
<Information Value = "Cache_Update_Frequency" Data = "Once_Per_Session"/>
<Information Value = "Do404Search" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "Local Page" Data = "C:\WINDOWS\SYSTEM\blank.htm"/>
<Information Value = "Search Page" Data = "http://www.google.com"/>
<Information Value = "Start Page" Data = "http://www.lphs.org/...rc/index.htm"/>
<Information Value = "ExplorerBar" Data = ""/>
<Information Value = "Window_Placement" Data = ""/>
<Information Value = "SmoothScroll" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "Page_Transitions" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "SearchForExtensions" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "LastCheckedHi" Data = "(DWORD) 0x9b ae c5 1"/>
<Information Value = "AddToFavoritesExpanded" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "NoUpdateCheck" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "NscSingleExpand" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "NoJITSetup" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "AllowWindowReuse" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "Show image placeholders" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "HistoryViewType" Data = ""/>
<Information Value = "HistoryTopNSitesView" Data = "(DWORD) 0x14 0 0 0"/>
<Information Value = "Search Bar" Data = ""/>
<Information Value = "Use Custom Search URL" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "NoWebJITSetup" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "Force Offscreen Composition" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "AutoSearch" Data = "(DWORD) 0x5 0 0 0"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "Start Page" Data = "http://www.google.com"/>
<Information Value = "Search Page" Data = "http://www.google.com"/>
<Information Value = "Default_Page_URL" Data = "http://www.google.com"/>
<Information Value = "Default_Search_URL" Data = "http://www.google.com"/>
<Information Value = "Cache_Percent_of_Disk" Data = ""/>
<Information Value = "Local Page" Data = "C:\WINDOWS\SYSTEM\blank.htm"/>
<Information Value = "Anchor_Visitation_Horizon" Data = ""/>
<Information Value = "Placeholder_Width" Data = ""/>
<Information Value = "Placeholder_Height" Data = ""/>
<Information Value = "Search Bar" Data = ""/>
<Information Value = "Addon_URL" Data = "HTTP://WWW.MICROSOFT.COM/IE/IE401/DOWNLOAD/RTW/x86/en/download/addon95.htm"/>
<Information Value = "Wizard_Version" Data = "6.00.2800.1106"/>
<Information Value = "CompanyName" Data = "Microsoft Corporation"/>
<Information Value = "Custom_Key" Data = "MICROSO"/>
<Information Value = "Window Title" Data = "Microsoft Internet Explorer"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Search"/>
<Information Value = "SearchAssistant" Data = "about:blank"/>
<Information Value = "CustomizeSearch" Data = "http://ie.search.msn.com"/>
<Information Value = "CustomSearch" Data = "http://rd.yahoo.com/...arch/ie.html"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\SearchURL"/>
<Information Value = "" Data = ""/>
<Information Value = " " Data = "+"/>
<Information Value = "&" Data = "%26"/>
<Information Value = "+" Data = "%2B"/>
<Information Value = "#" Data = "%23"/>
<Information Value = "?" Data = "%3F"/>
<Information Value = "=" Data = "%3D"/>
<Information Value = "Provider" Data = ""/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\URLSearchHooks"/>
<Information Value = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" Data = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Toolbar"/>
<Information Value = "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" Data = ""/>
<Information Value = "{8E718888-423F-11D2-876E-00A0C9082467}" Data = ""/>
<Information Value = "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" Data = ""/>
<Information Value = "{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428}" Data = ""/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\Toolbar"/>
<Information Value = "Theater" Data = ""/>
<Information Value = "LinksFolderName" Data = "Links"/>
<Information Value = "Locked" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "{1E796980-9CC5-11D1-A83F-00C04FC99D61}" Data = ""/>
<Scanning TIME = "04 Sep 05 18:57:04">
<PROCESS NAME = "C:\WINDOWS\SYSTEM\KERNEL32.DLL" MD5 = "df25456bbb343e913e7eb54550f36267"/>
<PROCESS NAME = "C:\WINDOWS\SYSTEM\MSGSRV32.EXE" MD5 = "ef5f77bcb1330a6de15edb69133c732d"/>
<PROCESS NAME = "C:\WINDOWS\SYSTEM\SPOOL32.EXE" MD5 = "2d3ab8a65f942a937a111d83e193b0f7"/>
<PROCESS NAME = "C:\WINDOWS\SYSTEM\MPREXE.EXE" MD5 = "974f03b1e94c6ec9073615b7e8ac4827"/>
<PROCESS NAME = "C:\WINDOWS\RUNSERVICE.EXE" MD5 = "29fab5363138f6e322f4cd780ed9d337"/>
<PROCESS NAME = "C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE" MD5 = "d0af4a32079a42134b9a1d76f0088b78"/>
<PROCESS NAME = "C:\WINDOWS\SYSTEM\MSTASK.EXE" MD5 = "621ff7e2adff166af147e73567d2aba8"/>
<PROCESS NAME = "C:\WINDOWS\SYSTEM\SSDPSRV.EXE" MD5 = "e162b4f2dfe6e899ef81ea6f1bc507ee"/>
<PROCESS NAME = "C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE" MD5 = "cbd841775a04e82b2828fc301aafee70"/>
<PROCESS NAME = "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE" MD5 = "f808c3c3206793ef1e2f5df4624d10c1"/>
<PROCESS NAME = "C:\WINDOWS\SYSTEM\mmtask.tsk" MD5 = "38bae36e67c8b1ae3abc077837953b89"/>
<PROCESS NAME = "C:\WINDOWS\EXPLORER.EXE" MD5 = "7ada6f7250f04a62d84a09373f1bbae9"/>
<PROCESS NAME = "C:\WINDOWS\TASKMON.EXE" MD5 = "e3638df27264132f18b43802c96efbba"/>
<FILE PATH = "Vidctrl C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE"/>
<PROCESS NAME = "C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE" MD5 = "d98b737bf224bf173fb7badf485a20ff"/>
<FILE PATH = "DelFin Media Viewer C:\WINDOWS\SYSTEM\NSVSVC\NSVSVC.EXE"/>
<PROCESS NAME = "C:\WINDOWS\SYSTEM\NSVSVC\NSVSVC.EXE" MD5 = "016645ad95781969367a4500aeea456f"/>
<PROCESS NAME = "C:\WINDOWS\RUNDLL32.EXE" MD5 = "9ef36c1b50cb6f80deb943c622604fda"/>
<PROCESS NAME = "C:\WINDOWS\SYSTEM\DDHELP.EXE" MD5 = "f62f3495c1e013a63698d556c80e1b62"/>
<PROCESS NAME = "C:\WINDOWS\FREECELL.EXE" MD5 = "0e8b1c0df06de1d74bc297528ae2180e"/>
<PROCESS NAME = "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" MD5 = "eb9eaf627f705525d01de5fa07ea1818"/>
<PROCESS NAME = "C:\PROGRAM FILES\XOFTSPY\XOFTSPY.EXE" MD5 = "88d3950e0efda1cfb807af8eb5ab740f"/>
<PROCESS NAME = "c:\windows\system\vidctrl\vidctrl.exe" MD5 = "value = "vidctrl" data = "c:\windows\system\vidctrl\vidctrl.exe" md5 = "d98b737bf224bf173fb7badf485a20ff" path = """/>
<PROCESS NAME = "c:\windows\system\nsvsvc\nsvsvc.exe" MD5 = "value = "nsv" data = "c:\windows\system\nsvsvc\nsvsvc.exe" md5 = "016645ad95781969367a4500aeea456f" path = """/>
<FILE PATH = "ShopAtHomeSelect c:\windows\system\ifq5e4sn.exe"/>
<PROCESS NAME = "c:\windows\system\ifq5e4sn.exe" MD5 = "value = "ifq5e4sn" data = "c:\windows\system\ifq5e4sn.exe" md5 = "418b9953712cea2a79ff6a75eef6902c" path = """/>
<FILE PATH = "ShopAtHomeSelect c:\windows\system\liv0ib4t.exe"/>
<PROCESS NAME = "c:\windows\system\liv0ib4t.exe" MD5 = "value = "liv0ib4t" data = "c:\windows\system\liv0ib4t.exe" md5 = "418b9953712cea2a79ff6a75eef6902c" path = """/>
<FILE PATH = "PacerD Media c:\windows\system\psof1.exe"/>
<PROCESS NAME = "c:\windows\system\psof1.exe" MD5 = "value = "psof1" data = "c:\windows\system\psof1.exe" md5 = "b951d3fc8ecf2f47db7eed13aec465ad" path = """/>
<ScanningRegKeys>
</SW>
<SW NAME = "AccessPlugin">
<REGKEYFOUND NAME = "clsid\{d8efadf1-9009-11d6-8c73-608c5dc19089}"/>
<REGKEY NAME = "AccessPlugin clsid\{d8efadf1-9009-11d6-8c73-608c5dc19089}"/>
</SW>
<SW NAME = "Swaptor">
<REGKEYFOUND NAME = "software\swaptor"/>
<REGKEY NAME = "Swaptor software\swaptor"/>
</SW>
<SW NAME = "Media Motor">
<REGKEYFOUND NAME = "iobjsafety.democtl"/>
<REGKEY NAME = "Media Motor iobjsafety.democtl"/>
</SW>
<SW NAME = "Media Motor">
<REGKEYFOUND NAME = "software\microsoft\windows\currentversion\uninstall\media-motor"/>
<REGKEY NAME = "Media Motor software\microsoft\windows\currentversion\uninstall\media-motor"/>
</SW>
<SW NAME = "BonziBuddy">
<REGKEYFOUND NAME = "software\classes\interface\{4610e7bd-710f-11d3-813d-00c04f6b92d0}"/>
<REGKEY NAME = "BonziBuddy software\classes\interface\{4610e7bd-710f-11d3-813d-00c04f6b92d0}"/>
</SW>
<SW NAME = "BonziBuddy">
<REGKEYFOUND NAME = "software\classes\interface\{4610e7be-710f-11d3-813d-00c04f6b92d0}"/>
<REGKEY NAME = "BonziBuddy software\classes\interface\{4610e7be-710f-11d3-813d-00c04f6b92d0}"/>
</SW>
<SW NAME = "Transponder">
<REGKEYFOUND NAME = "ceresdll.ceresdllobj"/>
<REGKEY NAME = "Transponder ceresdll.ceresdllobj"/>
</SW>
<SW NAME = "Transponder">
<REGKEYFOUND NAME = "ceresdll.ceresdllobj.1"/>
<REGKEY NAME = "Transponder ceresdll.ceresdllobj.1"/>
</SW>
<SW NAME = "Transponder">
<REGKEYFOUND NAME = "clsid\{00000049-8f91-4d9c-9573-f016e7626484}"/>
<REGKEY NAME = "Transponder clsid\{00000049-8f91-4d9c-9573-f016e7626484}"/>
</SW>
<SW NAME = "Transponder">
<REGKEYFOUND NAME = "interface\{bb0d5adc-028d-4185-9288-722ddce2c757}"/>
<REGKEY NAME = "Transponder interface\{bb0d5adc-028d-4185-9288-722ddce2c757}"/>
</SW>
<SW NAME = "Transponder">
<REGKEYFOUND NAME = "software\ceres"/>
<REGKEY NAME = "Transponder software\ceres"/>
</SW>
<SW NAME = "Transponder">
<REGKEYFOUND NAME = "software\microsoft\windows\currentversion\uninstall\abi-1"/>
<REGKEY NAME = "Transponder software\microsoft\windows\currentversion\uninstall\abi-1"/>
</SW>
<SW NAME = "Transponder">
<REGKEYFOUND NAME = "typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}"/>
<REGKEY NAME = "Transponder typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}"/>
</SW>
<SW NAME = "Trojan/CWS Combo">
<REGKEYFOUND NAME = "software\motoin"/>
<REGKEY NAME = "Trojan/CWS Combo software\motoin"/>
</SW>
<SW NAME = "ShopAtHomeSelect">
<REGKEYFOUND NAME = "software\vgroup"/>
<REGKEY NAME = "ShopAtHomeSelect software\vgroup"/>
</SW>
<SW NAME = "ShopAtHomeSelect">
<REGKEYFOUND NAME = "software\winsock2\layered provider sample"/>
<REGKEY NAME = "ShopAtHomeSelect software\winsock2\layered provider sample"/>
</SW>
<SW NAME = "Bargain Buddy Bundle">
<REGKEYFOUND NAME = "software\pagent"/>
<REGKEY NAME = "Bargain Buddy Bundle software\pagent"/>
</SW>
<SW NAME = "DownloadWare">
<REGKEYFOUND NAME = "software\pagent"/>
</SW>
<SW NAME = "CoolWebSearch">
<REGKEYFOUND NAME = "protocols\filter\text/html"/>
<REGKEY NAME = "CoolWebSearch protocols\filter\text/html"/>
</SW>
<SW NAME = "CoolWebSearch">
<REGKEYFOUND NAME = "software\classes\protocols\filter\text/html"/>
<REGKEY NAME = "CoolWebSearch software\classes\protocols\filter\text/html"/>
</SW>
<SW NAME = "Adware.LinkMaker">
<REGKEYFOUND NAME = "software\classes\clsid\{dfaa31c8-a356-4313-9d95-5edab46c5070}"/>
<REGKEY NAME = "Adware.LinkMaker software\classes\clsid\{dfaa31c8-a356-4313-9d95-5edab46c5070}"/>
</SW>
<SW NAME = "DelFin Media Viewer">
<REGKEYFOUND NAME = "software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}"/>
<REGKEY NAME = "DelFin Media Viewer software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}"/>
</SW>
<SW NAME = "DelFin Media Viewer">
<REGKEYFOUND NAME = "clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}"/>
<REGKEY NAME = "DelFin Media Viewer clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}"/>
</SW>
<SW NAME = "DelFin Media Viewer">
<REGKEYFOUND NAME = "clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}"/>
<REGKEY NAME = "DelFin Media Viewer clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}"/>
</SW>
<SW NAME = "DelFin Media Viewer">
<REGKEYFOUND NAME = "software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}"/>
<REGKEY NAME = "DelFin Media Viewer software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}"/>
</SW>
<SW NAME = "DelFin Media Viewer">
<REGKEYFOUND NAME = "interface\{41700749-a109-4254-af13-be54011e8783}"/>
<REGKEY NAME = "DelFin Media Viewer interface\{41700749-a109-4254-af13-be54011e8783}"/>
</SW>
<SW NAME = "DelFin Media Viewer">
<REGKEYFOUND NAME = "interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}"/>
<REGKEY NAME = "DelFin Media Viewer interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}"/>
</SW>
<SW NAME = "DelFin Media Viewer">
<REGKEYFOUND NAME = "software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}"/>
<REGKEY NAME = "DelFin Media Viewer software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}"/>
</SW>
<SW NAME = "DelFin Media Viewer">
<REGKEYFOUND NAME = "vccpgdataaccess.pgdataaccessctrl.1"/>
<REGKEY NAME = "DelFin Media Viewer vccpgdataaccess.pgdataaccessctrl.1"/>
</SW>
<SW NAME = "DelFin Media Viewer">
<REGKEYFOUND NAME = "software\microsoft\windows\currentversion\uninstall\displayutility"/>
<REGKEY NAME = "DelFin Media Viewer software\microsoft\windows\currentversion\uninstall\displayutility"/>
</SW>
<SW NAME = "DelFin Media Viewer">
<REGKEYFOUND NAME = "software\mvu"/>
<REGKEY NAME = "DelFin Media Viewer software\mvu"/>
</SW>
<SW NAME = "Aurora">
<REGKEYFOUND NAME = "interface\{bb0d5adc-028d-4185-9288-722ddce2c757}"/>
</SW>
<SW NAME = "Aurora">
<REGKEYFOUND NAME = "typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}"/>
</SW>
<SW NAME = "WinFixer2005">
<REGKEYFOUND NAME = "software\winsoftware"/>
<REGKEY NAME = "WinFixer2005 software\winsoftware"/>
</SW>
<SW NAME = "WinFixer2005">
<REGKEYFOUND NAME = "software\winsoftware\winfixer 2005"/>
<REGKEY NAME = "WinFixer2005 software\winsoftware\winfixer 2005"/>
</SW>
<SW NAME = "WinFixer2005">
<REGKEYFOUND NAME = "appid\{8c65aef6-e413-4314-815b-82717a3f1603}"/>
<REGKEY NAME = "WinFixer2005 appid\{8c65aef6-e413-4314-815b-82717a3f1603}"/>
</SW>
<SW NAME = "WinFixer2005">
<REGKEYFOUND NAME = "appid\checkproduct2.dll"/>
<REGKEY NAME = "WinFixer2005 appid\checkproduct2.dll"/>
</SW>
<SW NAME = "WinFixer2005">
<REGKEYFOUND NAME = "checkproduct2.checkproduct"/>
<REGKEY NAME = "WinFixer2005 checkproduct2.checkproduct"/>
</SW>
<SW NAME = "WinFixer2005">
<REGKEYFOUND NAME = "checkproduct2.checkproduct.1"/>
<REGKEY NAME = "WinFixer2005 checkproduct2.checkproduct.1"/>
</SW>
<SW NAME = "WinFixer2005">
<REGKEYFOUND NAME = "clsid\{c427b3e3-28dc-4001-9590-d99b6776119b}"/>
<REGKEY NAME = "WinFixer2005 clsid\{c427b3e3-28dc-4001-9590-d99b6776119b}"/>
</SW>
<SW NAME = "WinFixer2005">
<REGKEYFOUND NAME = "interface\{4f79d1c5-24f9-4e59-8022-604d4b41d5ca}"/>
<REGKEY NAME = "WinFixer2005 interface\{4f79d1c5-24f9-4e59-8022-604d4b41d5ca}"/>
</SW>
<SW NAME = "WinFixer2005">
<REGKEYFOUND NAME = "typelib\{30ed49a5-ca6c-4918-b5f3-5e6818c91d8b}"/>
<REGKEY NAME = "WinFixer2005 typelib\{30ed49a5-ca6c-4918-b5f3-5e6818c91d8b}"/>
</SW>
<SW NAME = "Medload">
<REGKEYFOUND NAME = "clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}"/>
<REGKEY NAME = "Medload clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}"/>
</SW>
<SW NAME = "Medload">
<REGKEYFOUND NAME = "interface\{a9136cfd-fd01-41b8-9969-0b37720ed8ab}"/>
<REGKEY NAME = "Medload interface\{a9136cfd-fd01-41b8-9969-0b37720ed8ab}"/>
</SW>
<SW NAME = "Medload">
<REGKEYFOUND NAME = "interface\{b2eeda99-da99-4d0d-9f7f-143c30521388}"/>
<REGKEY NAME = "Medload interface\{b2eeda99-da99-4d0d-9f7f-143c30521388}"/>
</SW>
<SW NAME = "Medload">
<REGKEYFOUND NAME = "typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}"/>
<REGKEY NAME = "Medload typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}"/>
</SW>
<SW NAME = "Medload">
<REGKEYFOUND NAME = "software\mm"/>
<REGKEY NAME = "Medload software\mm"/>
</SW>
<SW NAME = "Medload">
<REGKEYFOUND NAME = "software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/m67m.ocx"/>
<REGKEY NAME = "Medload software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/m67m.ocx"/>
</SW>
<SW NAME = "TargetSaver">
<REGKEYFOUND NAME = "software\tsvcin"/>
<REGKEY NAME = "TargetSaver software\tsvcin"/>
</ScanningRegKeys>
<ScanningRegValues>
</SW>
<SW NAME = "ExactSearchBar/Navisearch/MySearch">
<REGVALUE VALUE = "ExactSearchBar/Navisearch/MySearch software\microsoft\windows\currentversion\run\navisearch"/>
<REGVALUEFOUND NAME = "software\microsoft\windows\currentversion\run\navisearch"/>
</SW>
<SW NAME = "Bargain Buddy Bundle">
<REGVALUE VALUE = "Bargain Buddy Bundle software\microsoft\windows\currentversion\run\cashback"/>
<REGVALUEFOUND NAME = "software\microsoft\windows\currentversion\run\cashback"/>
</SW>
<SW NAME = "DelFin Media Viewer">
<REGVALUE VALUE = "DelFin Media Viewer software\microsoft\windows\currentversion\run\nsv"/>
<REGVALUEFOUND NAME = "software\microsoft\windows\currentversion\run\nsv"/>
</SW>
<SW NAME = "PacerD Media">
<REGVALUE VALUE = "PacerD Media Software\Microsoft\Windows\CurrentVersion\Run\PSof1"/>
<REGVALUEFOUND NAME = "Software\Microsoft\Windows\CurrentVersion\Run\PSof1"/>
</SW>
<SW NAME = "Vidctrl">
<REGVALUE VALUE = "Vidctrl Software\Microsoft\Windows\CurrentVersion\Run\vidctrl"/>
<REGVALUEFOUND NAME = "Software\Microsoft\Windows\CurrentVersion\Run\vidctrl"/>
</ScanningRegValues>
<ScanningRegValuesChanged>
</ScanningRegValuesChanged>
<FILE PATH = "Transponder C:\WINDOWS\CERES.DLL"/>
<FILE PATH = "C:\WINDOWS\CERES.DLL"/>
<FILE PATH = "VX2 C:\WINDOWS\kwv2.dat"/>
<FILE PATH = "C:\WINDOWS\kwv2.dat"/>
<FILE PATH = "Media Motor C:\WINDOWS\tempf.txt"/>
<FILE PATH = "C:\WINDOWS\tempf.txt"/>
<FILE PATH = "Medload C:\WINDOWS\ubber60.ini"/>
<FILE PATH = "C:\WINDOWS\ubber60.ini"/>
<FILE PATH = "Media Motor C:\WINDOWS\unstall.exe"/>
<FILE PATH = "C:\WINDOWS\unstall.exe"/>
<FILE PATH = "Transponder C:\WINDOWS\Buddy.exe"/>
<FILE PATH = "C:\WINDOWS\Buddy.exe"/>
<FILE PATH = "Bargain Buddy Bundle C:\WINDOWS\SYSTEM\exclean.exe"/>
<FILE PATH = "C:\WINDOWS\SYSTEM\exclean.exe"/>
<FILE PATH = "falkag cookie C:\WINDOWS\Cookies\kori@as-us.falkag[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@as-us.falkag[1].txt"/>
<FILE PATH = "tribalfusion cookie C:\WINDOWS\Cookies\kori@tribalfusion[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@tribalfusion[2].txt"/>
<FILE PATH = "valuead cookie C:\WINDOWS\Cookies\kori@valuead[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@valuead[1].txt"/>
<FILE PATH = "atdmt cookie C:\WINDOWS\Cookies\kori@atdmt[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@atdmt[2].txt"/>
<FILE PATH = "doubleclick cookie C:\WINDOWS\Cookies\kori@doubleclick[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@doubleclick[2].txt"/>
<FILE PATH = "overture cookie C:\WINDOWS\Cookies\kori@overture[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@overture[2].txt"/>
<FILE PATH = "zedo cookie C:\WINDOWS\Cookies\kori@zedo[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@zedo[2].txt"/>
<FILE PATH = "tradedoubler cookie C:\WINDOWS\Cookies\kori@tradedoubler[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@tradedoubler[2].txt"/>
<FILE PATH = "targetnet cookie C:\WINDOWS\Cookies\kori@targetnet[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@targetnet[1].txt"/>
<FILE PATH = "inksynergy cookie C:\WINDOWS\Cookies\kori@linksynergy[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@linksynergy[1].txt"/>
<FILE PATH = "mediaplex cookie C:\WINDOWS\Cookies\kori@mediaplex[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@mediaplex[2].txt"/>
<FILE PATH = "fastclick cookie C:\WINDOWS\Cookies\kori@fastclick[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@fastclick[2].txt"/>
<FILE PATH = "falkag cookie C:\WINDOWS\Cookies\kori@as-eu.falkag[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@as-eu.falkag[2].txt"/>
<FILE PATH = "bridgetrack cookie C:\WINDOWS\Cookies\kori@citi.bridgetrack[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@citi.bridgetrack[1].txt"/>
<FILE PATH = "2o7.net Cookie C:\WINDOWS\Cookies\kori@2o7[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@2o7[1].txt"/>
<FILE PATH = "bfast cookie C:\WINDOWS\Cookies\kori@bfast[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@bfast[2].txt"/>
<FILE PATH = "valueclick cookie C:\WINDOWS\Cookies\kori@valueclick[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@valueclick[1].txt"/>
<FILE PATH = "pro-market cookie C:\WINDOWS\Cookies\anyuser@pro-market[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@pro-market[2].txt"/>
<FILE PATH = "247realmedia cookie C:\WINDOWS\Cookies\kori@247realmedia[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@247realmedia[1].txt"/>
<FILE PATH = "shopathomeselect cookie C:\WINDOWS\Cookies\kori@shopathomeselect[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@shopathomeselect[2].txt"/>
<FILE PATH = "webtrendslive cookie C:\WINDOWS\Cookies\kori@statse.webtrendslive[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@statse.webtrendslive[2].txt"/>
<FILE PATH = "doubleclick cookie C:\WINDOWS\Cookies\anyuser@doubleclick[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@doubleclick[1].txt"/>
<FILE PATH = "valuead cookie C:\WINDOWS\Cookies\anyuser@valuead[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@valuead[1].txt"/>
<FILE PATH = "atdmt cookie C:\WINDOWS\Cookies\anyuser@atdmt[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@atdmt[2].txt"/>
<FILE PATH = "shopathomeselect cookie C:\WINDOWS\Cookies\anyuser@shopathomeselect[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@shopathomeselect[2].txt"/>
<FILE PATH = "fastclick cookie C:\WINDOWS\Cookies\anyuser@fastclick[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@fastclick[2].txt"/>
<FILE PATH = "bluestreak cookie C:\WINDOWS\Cookies\anyuser@bluestreak[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@bluestreak[2].txt"/>
<FILE PATH = "targetnet cookie C:\WINDOWS\Cookies\anyuser@targetnet[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@targetnet[1].txt"/>
<FILE PATH = "zedo cookie C:\WINDOWS\Cookies\anyuser@zedo[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@zedo[2].txt"/>
<FILE PATH = "advertising cookie C:\WINDOWS\Cookies\anyuser@advertising[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@advertising[2].txt"/>
<FILE PATH = "falkag cookie C:\WINDOWS\Cookies\anyuser@as-us.falkag[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@as-us.falkag[2].txt"/>
<FILE PATH = "trafficmp cookie C:\WINDOWS\Cookies\anyuser@trafficmp[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@trafficmp[1].txt"/>
<FILE PATH = "tribalfusion cookie C:\WINDOWS\Cookies\anyuser@tribalfusion[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@tribalfusion[2].txt"/>
<FILE PATH = "bridgetrack cookie C:\WINDOWS\Cookies\anyuser@citi.bridgetrack[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@citi.bridgetrack[1].txt"/>
<FILE PATH = "mediaplex cookie C:\WINDOWS\Cookies\anyuser@mediaplex[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@mediaplex[2].txt"/>
<FILE PATH = "vedby.advertis cookie C:\WINDOWS\Cookies\anyuser@servedby.advertising[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@servedby.advertising[1].txt"/>
<FILE PATH = "valueclick cookie C:\WINDOWS\Cookies\anyuser@valueclick[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@valueclick[1].txt"/>
<FILE PATH = "webtrendslive cookie C:\WINDOWS\Cookies\anyuser@statse.webtrendslive[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@statse.webtrendslive[2].txt"/>
<FILE PATH = "casalemedia cookie C:\WINDOWS\Cookies\anyuser@casalemedia[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@casalemedia[1].txt"/>
<FILE PATH = "pacificpoker cookie C:\WINDOWS\Cookies\anyuser@pacificpoker[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\anyuser@pacificpoker[1].txt"/>
<FILE PATH = "casalemedia cookie C:\WINDOWS\Cookies\kori@casalemedia[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@casalemedia[2].txt"/>
<FILE PATH = "trafficmp cookie C:\WINDOWS\Cookies\kori@trafficmp[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@trafficmp[1].txt"/>
<FILE PATH = "abetterinternet cookie C:\WINDOWS\Cookies\kori@abetterinternet[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@abetterinternet[2].txt"/>
<FILE PATH = "advertising cookie C:\WINDOWS\Cookies\kori@advertising[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@advertising[1].txt"/>
<FILE PATH = "pro-market cookie C:\WINDOWS\Cookies\kori@pro-market[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@pro-market[2].txt"/>
<FILE PATH = "cliks cookie C:\WINDOWS\Cookies\kori@cliks[2].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@cliks[2].txt"/>
<FILE PATH = "vedby.advertis cookie C:\WINDOWS\Cookies\kori@servedby.advertising[1].txt"/>
<FILE PATH = "C:\WINDOWS\Cookies\kori@servedby.advertising[1].txt"/>
<FOLDER PATH = "Radlight \my documents\my deliveries\cnet"/>
<FOLDER PATH = "Radlight C:\my documents\my deliveries\cnet\tmpcache"/>
<FILE PATH = "Radlight C:\my documents\my deliveries\cnet\trillian-v0.74.exe"/>
<FOLDER PATH = "180Solutions C:\Program Files\180searchassistant"/>
<FILE PATH = "180Solutions C:\Program Files\180searchassistant\sac_gdf.dat"/>
<FILE PATH = "180Solutions C:\Program Files\180searchassistant\sac_kyf.dat"/>
<FILE PATH = "180Solutions C:\Program Files\180searchassistant\sacau_update.dat"/>
<FILE PATH = "180Solutions C:\Program Files\180searchassistant\sacau.dat"/>
<FOLDER PATH = "180Solutions C:\WINDOWS\Start Menu\programs\180search assistant"/>
<FILE PATH = "180Solutions C:\WINDOWS\Start Menu\programs\180search assistant\180search Assistant.com.url"/>
<FILE PATH = "180Solutions C:\WINDOWS\Start Menu\programs\180search assistant\Uninstall 180search Assistant Instructions.lnk"/>
<FOLDER PATH = "abetterinternet.DrTemp C:\WINDOWS\temp\drtemp"/>
<FILE PATH = "abetterinternet.DrTemp C:\WINDOWS\temp\drtemp\ceres.cab"/>
<FILE PATH = "abetterinternet.DrTemp C:\WINDOWS\temp\drtemp\ceres.inf"/>
<FILE PATH = "abetterinternet.DrTemp C:\WINDOWS\temp\drtemp\ceres.dll"/>
<FILE PATH = "abetterinternet.DrTemp C:\WINDOWS\temp\drtemp\polall5c.exe"/>
<FOLDER PATH = "DelFin Media Viewer C:\WINDOWS\SYSTEM\nsvsvc"/>
<FILE PATH = "DelFin Media Viewer C:\WINDOWS\SYSTEM\nsvsvc\nsvs.dll"/>
<FILE PATH = "DelFin Media Viewer C:\WINDOWS\SYSTEM\nsvsvc\nsv.ocx"/>
<FILE PATH = "DelFin Media Viewer C:\WINDOWS\SYSTEM\nsvsvc\License.txt"/>
<FOLDER PATH = "Vidctrl C:\WINDOWS\SYSTEM\vidctrl"/>
</Scanning>
  • 0

#19
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts

Need a vx2 fixer for Win98, please.

View Post

Run Ad-Aware with the latest update.
  • Download the latest version of Ad-Aware (Ad-Aware SE Build 1.06r1) from here.
  • If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
  • After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
  • Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
  • Once the definitions have been updated:
  • Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • "Automatically save logfile"
      • Automatically quarantine objects prior to removal"
      • Safe Mode (always request confirmation)
      • Prompt to update outdated confirmation) - Change to 7 days.
    • Click the "Scanning" button (On the left side).
    • Under Drives & Folders, select "Scan within Archives"
    • Click "Click here to select Drives + folders" and select your installed hard drives.
    • Under Memory & Registry, select all options.
    • Click the "Advanced" button (On the left hand side).
    • Under "Shell Integration", select "Move deleted files to Recycle Bin".
    • Under "Log-file detail", select all options.
    • Click on the "Defaults" button on the left.
    • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
    • Click the "Tweak" button (Again, on the left hand side).
    • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
      • "Unload recognized processes during scanning."
      • "Obtain command line of scanned processes"
      • "Scan registry for all users instead of current user only"
    • Under "Cleaning Engine", select the following:
      • "Automatically try to unregister objects prior to deletion."
      • "During removal, unload explorer and IE if necessary"
      • "Let Windows remove files in use at next reboot."
      • "Delete quarrantined objects after restoring"
    • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
    • Click on "Proceed" to save these Preferences.
    • Click on the "Scan Now" button on the left.
    • Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
  • Close all programs except ad-aware.
  • Click on "Next" in the bottom right corner to start the scan.
  • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.

Plug-Ins for Ad-Aware (VX2 Cleaner)


*Close Ad-Aware, if it is currently open.

* Download the VX2 Cleaner 2.0 Plug-in Here.

* After installing, restart Ad-Aware before running the VX2 Cleaner.

*Using VX2 Cleaner 2.0

*NOTE: If you have earlier attempted to run Ad-Aware to remove VX2, you may need to run the VX2 Cleaner several times to remove possible VX2 remains.

*If you have already attempted to remove VX2 with Ad-Aware, do the following:

* Before running the VX2 Cleaner, make sure other anti-virus or anti-spyware applications are closed.

* Run the VX2 Cleaner. If you computer is infected with VX2, a dialog box with text such as “New VX2 variant found” or “VX2 variant 1 found” will appear.

* Press "Clean" and a dialog box with text “The first phase completed. Please reboot and perform a Smart Scan" will appear. After saving your work, reboot your system manually.

* Repeat this until the VX2 Cleaner reports "System clean". Press "Close” to exit.

* Run Ad-Aware one more time and scan your computer to make sure VX2 has been found and removed.


  • Manually download Latest definition file: Here
  • Please Note Version SE Build 1.06 is now available! This download is for use with Ad-Aware SE versions only.
  • Manual Installation: Unzip the archive, replace the existing file and restart Ad-Aware\Ad-Watch.
  • You can also use the webupdate component implemented in Ad-Aware to install this update.

  • 0

#20
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP