Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan HijackThis Log [CLOSED]

Started by Taran_Walker , Jul 17 2005 02:11 AM

  • This topic is locked This topic is locked

#1
Taran_Walker
Posted 17 July 2005 - 02:11 AM

Taran_Walker

    Member

  • Member
  • PipPip
  • 48 posts
Can someone please take a look at my hjt log it would be much appreciated!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 09:08:31, on 17/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\javaxk32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Taran\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ovihx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ovihx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zdrai.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zdrai.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zdrai.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ovihx.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zdrai.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {AE6510A6-4765-5B86-516B-121AF602CC42} - C:\WINDOWS\system32\javaeo.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [javaxk32.exe] C:\WINDOWS\system32\javaxk32.exe
O4 - HKLM\..\Run: [apijv32.exe] C:\WINDOWS\system32\apijv32.exe
O4 - HKLM\..\Run: [appsi32.exe] C:\WINDOWS\system32\appsi32.exe
O4 - HKLM\..\Run: [sdkqa.exe] C:\WINDOWS\sdkqa.exe
O4 - HKLM\..\Run: [ipmv32.exe] C:\WINDOWS\ipmv32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [sysoz.exe] C:\WINDOWS\system32\sysoz.exe
O4 - HKLM\..\RunOnce: [mfckk.exe] C:\WINDOWS\mfckk.exe
O4 - HKLM\..\RunOnce: [javadu.exe] C:\WINDOWS\system32\javadu.exe
O4 - HKLM\..\RunOnce: [adddw.exe] C:\WINDOWS\system32\adddw.exe
O4 - HKLM\..\RunOnce: [atlzz32.exe] C:\WINDOWS\system32\atlzz32.exe
O4 - HKLM\..\RunOnce: [syslv32.exe] C:\WINDOWS\system32\syslv32.exe
O4 - HKLM\..\RunOnce: [mfcsi32.exe] C:\WINDOWS\mfcsi32.exe
O4 - HKLM\..\RunOnce: [addcg32.exe] C:\WINDOWS\system32\addcg32.exe
O4 - HKLM\..\RunOnce: [winaz.exe] C:\WINDOWS\system32\winaz.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab30149.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1727CC60-9FB7-48CC-8382-5D4CCD88A251}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apikv.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements

#2
Buckeye_Sam
Posted 17 July 2005 - 09:20 AM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.

You have an HSA infection. The filenames on this type of infection can change each time you reboot your computer or use Internet Explorer. With that in mind, some of these filenames may be different. But the pattern is the same and you may be able to determine the correct files to remove. The sooner you perform this fix, the higher it's chances for success.

Much of this fix has to be performed in Safe Mode where you won't be able to access the Internet.

Please print out these instructions.


Step 1
Download CWShredder but don't run it yet.


Step 2
Download AboutBuster
Unzip it to your desktop but don't run it yet.


Step 3
Download Ad-aware SE 1.06
Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Exit Adaware for now.


Step 5
Please make sure that you can VIEW ALL HIDDEN FILES.


Step 6
Reboot your computer into SAFE MODE


Step 7
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ovihx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ovihx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zdrai.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zdrai.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zdrai.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ovihx.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zdrai.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {AE6510A6-4765-5B86-516B-121AF602CC42} - C:\WINDOWS\system32\javaeo.dll
O4 - HKLM\..\Run: [javaxk32.exe] C:\WINDOWS\system32\javaxk32.exe
O4 - HKLM\..\Run: [apijv32.exe] C:\WINDOWS\system32\apijv32.exe
O4 - HKLM\..\Run: [appsi32.exe] C:\WINDOWS\system32\appsi32.exe
O4 - HKLM\..\Run: [sdkqa.exe] C:\WINDOWS\sdkqa.exe
O4 - HKLM\..\Run: [ipmv32.exe] C:\WINDOWS\ipmv32.exe
O4 - HKLM\..\RunOnce: [sysoz.exe] C:\WINDOWS\system32\sysoz.exe
O4 - HKLM\..\RunOnce: [mfckk.exe] C:\WINDOWS\mfckk.exe
O4 - HKLM\..\RunOnce: [javadu.exe] C:\WINDOWS\system32\javadu.exe
O4 - HKLM\..\RunOnce: [adddw.exe] C:\WINDOWS\system32\adddw.exe
O4 - HKLM\..\RunOnce: [atlzz32.exe] C:\WINDOWS\system32\atlzz32.exe
O4 - HKLM\..\RunOnce: [syslv32.exe] C:\WINDOWS\system32\syslv32.exe
O4 - HKLM\..\RunOnce: [mfcsi32.exe] C:\WINDOWS\mfcsi32.exe
O4 - HKLM\..\RunOnce: [addcg32.exe] C:\WINDOWS\system32\addcg32.exe
O4 - HKLM\..\RunOnce: [winaz.exe] C:\WINDOWS\system32\winaz.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apikv.exe (file missing)



Step 8
Now run CWShredder, making sure to click "Fix".


Step 9
Delete these files (Do not be concerned if they do not exist)

C:\WINDOWS\zdrai.dll
C:\WINDOWS\system32\javaeo.dll
C:\WINDOWS\system32\javaxk32.exe
C:\WINDOWS\system32\apijv32.exe
C:\WINDOWS\system32\appsi32.exe
C:\WINDOWS\sdkqa.exe
C:\WINDOWS\ipmv32.exe
C:\WINDOWS\system32\sysoz.exe
C:\WINDOWS\mfckk.exe
C:\WINDOWS\system32\javadu.exe
C:\WINDOWS\system32\adddw.exe
C:\WINDOWS\system32\atlzz32.exe
C:\WINDOWS\system32\syslv32.exe
C:\WINDOWS\mfcsi32.exe
C:\WINDOWS\system32\addcg32.exe
C:\WINDOWS\system32\winaz.exe
C:\WINDOWS\system32\apikv.exe


Step 10
Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report(copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.


Step 11
Run a full scan with Adaware.


Reboot your computer to go back to normal mode and post a new hijackthis log and the log from About Buster.
  • 0

#3
Taran_Walker
Posted 17 July 2005 - 10:22 AM

Taran_Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I can not do step 5 this is all it comes up with take a look at the attachment

Attached Files


  • 0

#4
Buckeye_Sam
Posted 17 July 2005 - 10:31 AM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Just skip that for now and proceed with the rest of the steps.
  • 0

#5
Taran_Walker
Posted 17 July 2005 - 11:47 AM

Taran_Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hi I hav done all that but i still have about:blank as my homepage!!!!

Here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 18:45:27, on 17/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\cruv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Taran\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0E72366D-1971-3393-2F9E-6956B6550084} - C:\WINDOWS\mfczu32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {EEAFF2EF-1457-3C40-9ADE-86A3DF66B350} - C:\WINDOWS\system32\addfs32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cruv.exe] C:\WINDOWS\cruv.exe
O4 - HKLM\..\RunOnce: [appjp.exe] C:\WINDOWS\system32\appjp.exe
O4 - HKLM\..\RunOnce: [javanc.exe] C:\WINDOWS\javanc.exe
O4 - HKLM\..\RunOnce: [crna32.exe] C:\WINDOWS\crna32.exe
O4 - HKLM\..\RunOnce: [ipfm32.exe] C:\WINDOWS\ipfm32.exe
O4 - HKLM\..\RunOnce: [crnd32.exe] C:\WINDOWS\system32\crnd32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\atlin.exe
O4 - HKLM\..\RunOnce: [mfczu32.exe] C:\WINDOWS\mfczu32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab30149.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1727CC60-9FB7-48CC-8382-5D4CCD88A251}: NameServer = 195.92.195.94 195.92.195.95
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\appjp.exe" /s (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Here is the aboutbuster log:

AboutBuster 5.0 reference file 28
Scan started on [17/07/2005] at [18:00:33]
------------------------------------------------
Removed Stream! C:\WINDOWS\aaypg.txt:ftcfad
Removed Stream! C:\WINDOWS\abger.log:btxxam
Removed Stream! C:\WINDOWS\abger.log:mrusee
Removed Stream! C:\WINDOWS\abzce.dat:punsco
Removed Stream! C:\WINDOWS\ACSSetupLog.txt:usgyqh
Removed Stream! C:\WINDOWS\Active Setup Log.txt:lxety
Removed Stream! C:\WINDOWS\Active Setup Log.txt:onuhy
Removed Stream! C:\WINDOWS\Active Setup Log.txt:wsnfhh
Removed Stream! C:\WINDOWS\ActiveSkin.INI:ttpkuw
Removed Stream! C:\WINDOWS\afs.bmp:onmsqv
Removed Stream! C:\WINDOWS\aglbr.dat:emaqwh
Removed Stream! C:\WINDOWS\alxoi.txt:wnsvqj
Removed Stream! C:\WINDOWS\atvpk.log:gofykf
Removed Stream! C:\WINDOWS\avzdw.dat:bjxtld
Removed Stream! C:\WINDOWS\awbbx.log:pvkmmk
Removed Stream! C:\WINDOWS\BcdSetup.log:gvyevq
Removed Stream! C:\WINDOWS\BcdSetup.log:xfksam
Removed Stream! C:\WINDOWS\bejqf.txt:mcadhq
Removed Stream! C:\WINDOWS\bfkmx.txt:edsrka
Removed Stream! C:\WINDOWS\bgaff.txt:apvxiw
Removed Stream! C:\WINDOWS\blgpq.log:sqncch
Removed Stream! C:\WINDOWS\blgpq.log:zvijxa
Removed Stream! C:\WINDOWS\Blue Lace 16.bmp:bjyuh
Removed Stream! C:\WINDOWS\Blue Lace 16.bmp:pzhsx
Removed Stream! C:\WINDOWS\Blue Lace 16.bmp:vrmki
Removed Stream! C:\WINDOWS\Blue Lace 16.bmp:zoydmi
Removed Stream! C:\WINDOWS\BOOTSTAT.DAT:iarxr
Removed Stream! C:\WINDOWS\BOOTSTAT.DAT:jaazf
Removed Stream! C:\WINDOWS\BOOTSTAT.DAT:rwbosd
Removed Stream! C:\WINDOWS\bslcf.txt:nlwtz
Removed Stream! C:\WINDOWS\btxby.dat:kxtcun
Removed Stream! C:\WINDOWS\btxby.dat:qupcag
Removed Stream! C:\WINDOWS\bvcbz.log:lnihwh
Removed Stream! C:\WINDOWS\bvcbz.log:rdzhv
Removed Stream! C:\WINDOWS\bvcbz.log:rpiqgs
Removed Stream! C:\WINDOWS\bxmot.dat:twlazd
Removed Stream! C:\WINDOWS\byomx.txt:ajnav
Removed Stream! C:\WINDOWS\bzxdd.log:dxdftf
Removed Stream! C:\WINDOWS\caabw.log:cfcrr
Removed Stream! C:\WINDOWS\caabw.log:fomtvf
Removed Stream! C:\WINDOWS\chshl.dat:gyfxw
Removed Stream! C:\WINDOWS\ckmsr.dat:zmvfbf
Removed Stream! C:\WINDOWS\cmsetacl.log:ysqwk
Removed Stream! C:\WINDOWS\cmxxr.txt:qycrnc
Removed Stream! C:\WINDOWS\COM+.log:buthg
Removed Stream! C:\WINDOWS\COM+.log:cggpys
Removed Stream! C:\WINDOWS\COMSETUP.LOG:iumeq
Removed Stream! C:\WINDOWS\COMSETUP.LOG:payvln
Removed Stream! C:\WINDOWS\COMSETUP.LOG:ppefve
Removed Stream! C:\WINDOWS\cpeyh.dat:kxeemo
Removed Stream! C:\WINDOWS\cpeyh.dat:vhrdac
Removed Stream! C:\WINDOWS\crhu32.exe:oivooe
Removed Stream! C:\WINDOWS\CS_setup.ini:hsrjnx
Removed Stream! C:\WINDOWS\CS_setup.ini:tymij
Removed Stream! C:\WINDOWS\CS_setup.ini:xjpti
Removed Stream! C:\WINDOWS\ctqpz.dat:vyhoib
Removed Stream! C:\WINDOWS\cxbiy.log:nzaukm
Removed Stream! C:\WINDOWS\d3dx.dat:fvjjn
Removed Stream! C:\WINDOWS\dahotfix.log:ardpf
Removed Stream! C:\WINDOWS\dahotfix.log:ggtlc
Removed Stream! C:\WINDOWS\ddzgf.dat:lltenw
Removed Stream! C:\WINDOWS\DELL.BMP:myitym
Removed Stream! C:\WINDOWS\Dellnet.exe:kaexx
Removed Stream! C:\WINDOWS\Dellnet.exe:znomr
Removed Stream! C:\WINDOWS\DESKTOP.INI:suutkk
Removed Stream! C:\WINDOWS\Dialux.ini:kjzclb
Removed Stream! C:\WINDOWS\diasf.dat:eelrhg
Removed Stream! C:\WINDOWS\diasf.dat:ezsztx
Removed Stream! C:\WINDOWS\diasf.dat:fcfnop
Removed Stream! C:\WINDOWS\diasf.dat:vleqjq
Removed Stream! C:\WINDOWS\DirectX.log:bvntm
Removed Stream! C:\WINDOWS\djiii.log:phnuew
Removed Stream! C:\WINDOWS\dlitf.log:dksine
Removed Stream! C:\WINDOWS\dmcnf.log:tkazkl
Removed Stream! C:\WINDOWS\dsour.log:znagin
Removed Stream! C:\WINDOWS\DtcInstall.log:ivigkk
Removed Stream! C:\WINDOWS\DtcInstall.log:oyenhp
Removed Stream! C:\WINDOWS\dtjml.txt:njvsz
Removed Stream! C:\WINDOWS\duhww.log:rottcy
Removed Stream! C:\WINDOWS\duhww.log:sizfaj
Removed Stream! C:\WINDOWS\duhww.log:vlcnio
Removed Stream! C:\WINDOWS\dvjxn.log:tufgp
Removed Stream! C:\WINDOWS\dxkmi.log:awblfm
Removed Stream! C:\WINDOWS\dyqqw.txt:hzllfy
Removed Stream! C:\WINDOWS\dyqqw.txt:ljrkdt
Removed Stream! C:\WINDOWS\dyqqw.txt:uzseyh
Removed Stream! C:\WINDOWS\dyzas.log:boenkh
Removed Stream! C:\WINDOWS\dyzas.log:cpdyve
Removed Stream! C:\WINDOWS\dyzas.log:padrpj
Removed Stream! C:\WINDOWS\eajhd.dat:dccxxd
Removed Stream! C:\WINDOWS\eajhd.dat:gzwtjz
Removed Stream! C:\WINDOWS\ebxak.log:fbwxvu
Removed Stream! C:\WINDOWS\ecptl.txt:vasczs
Removed Stream! C:\WINDOWS\edwyy.dat:fwesr
Removed Stream! C:\WINDOWS\eeaih.log:gtwune
Removed Stream! C:\WINDOWS\eeaih.log:ytocpe
Removed Stream! C:\WINDOWS\eerxd.dat:jqfhsq
Removed Stream! C:\WINDOWS\ehkvk.log:tuvfz
Removed Stream! C:\WINDOWS\eidlq.txt:zuoapp
Removed Stream! C:\WINDOWS\ejevd.log:trxvus
Removed Stream! C:\WINDOWS\EKFMNHGQ.ini:dasix
Removed Stream! C:\WINDOWS\emlak.dat:itcdoj
Removed Stream! C:\WINDOWS\Eng_UK.gpl:mkiaod
Removed Stream! C:\WINDOWS\enppu.dat:auvirt
Removed Stream! C:\WINDOWS\epagh.dat:gmogeb
Removed Stream! C:\WINDOWS\EPSTPLOG.BAK:ennicl
Removed Stream! C:\WINDOWS\EPSTPLOG.TXT:mebzo
Removed Stream! C:\WINDOWS\EPSTPLOG.TXT:mnbwyg
Removed Stream! C:\WINDOWS\EPSTPLOG.TXT:mwpel
Removed Stream! C:\WINDOWS\EPSTPLOG.TXT:ogmmu
Removed Stream! C:\WINDOWS\eqzrm.txt:gogphr
Removed Stream! C:\WINDOWS\etnet.dll:dabuk
Removed Stream! C:\WINDOWS\etnet.dll:rzpfq
Removed Stream! C:\WINDOWS\etsjk.log:tcvdzq
Removed Stream! C:\WINDOWS\ewmkv.log:mtvudw
Removed Stream! C:\WINDOWS\explorer.exe:vbuzm
Removed Stream! C:\WINDOWS\explorer.exe:wfwff
Removed Stream! C:\WINDOWS\EXPLORER.SCF:eiwsg
Removed Stream! C:\WINDOWS\EXPLORER.SCF:mtcgg
Removed Stream! C:\WINDOWS\EXPLORER.SCF:xjhjj
Removed Stream! C:\WINDOWS\eywiq.dat:ewgovl
Removed Stream! C:\WINDOWS\FaxSetup.log:hhzxb
Removed Stream! C:\WINDOWS\FaxSetup.log:mrfqo
Removed Stream! C:\WINDOWS\FaxSetup.log:nrgqrr
Removed Stream! C:\WINDOWS\FaxSetup.log:pkaol
Removed Stream! C:\WINDOWS\FaxSetup.log:pxqbpo
Removed Stream! C:\WINDOWS\FaxSetup.log:razlfm
Removed Stream! C:\WINDOWS\FeatherTexture.bmp:bmsehb
Removed Stream! C:\WINDOWS\FeatherTexture.bmp:buhfbr
Removed Stream! C:\WINDOWS\FeatherTexture.bmp:otmmg
Removed Stream! C:\WINDOWS\fgxho.dat:yvesni
Removed Stream! C:\WINDOWS\ficmi.log:tuzlvu
Removed Stream! C:\WINDOWS\fjwfb.dat:aojxwd
Removed Stream! C:\WINDOWS\fkuns.txt:qsudmz
Removed Stream! C:\WINDOWS\fkuns.txt:tndrbl
Removed Stream! C:\WINDOWS\flmtb.txt:layvqv
Removed Stream! C:\WINDOWS\fobhs.log:ojcpxe
Removed Stream! C:\WINDOWS\fojjz.txt:lpmisq
Removed Stream! C:\WINDOWS\fsxkx.txt:zvlndf
Removed Stream! C:\WINDOWS\fuvwx.log:dqfvvb
Removed Stream! C:\WINDOWS\fxdji.log:esrakx
Removed Stream! C:\WINDOWS\gaejo.dat:itzhyl
Removed Stream! C:\WINDOWS\gaejo.dat:wtjgmh
Removed Stream! C:\WINDOWS\gavpf.txt:eoocxy
Removed Stream! C:\WINDOWS\gavpf.txt:scqdd
Removed Stream! C:\WINDOWS\gcehw.txt:puutgs
Removed Stream! C:\WINDOWS\gedkl.log:omadij
Removed Stream! C:\WINDOWS\ggvtk.log:hgobut
Removed Stream! C:\WINDOWS\gngse.log:gntikt
Removed Stream! C:\WINDOWS\gnjbk.txt:shrtqf
Removed Stream! C:\WINDOWS\gnjbk.txt:xpyhzj
Removed Stream! C:\WINDOWS\goylv.txt:pkoopo
Removed Stream! C:\WINDOWS\goylv.txt:qnmoew
Removed Stream! C:\WINDOWS\GPInstall.exe:tlcne
Removed Stream! C:\WINDOWS\gqgfz.log:jowthg
Removed Stream! C:\WINDOWS\Greenstone.bmp:hlgtjy
Removed Stream! C:\WINDOWS\Greenstone.bmp:ixlkx
Removed Stream! C:\WINDOWS\Greenstone.bmp:nmylmr
Removed Stream! C:\WINDOWS\gzwyj.log:tzkqqn
Removed Stream! C:\WINDOWS\hahyo.dat:yojdje
Removed Stream! C:\WINDOWS\hbceo.txt:ookpsd
Removed Stream! C:\WINDOWS\hbceo.txt:qouilo
Removed Stream! C:\WINDOWS\hdjko.txt:esnbna
Removed Stream! C:\WINDOWS\hdjko.txt:rlzyli
Removed Stream! C:\WINDOWS\hedyg.log:lnskq
Removed Stream! C:\WINDOWS\hitva.txt:wtfghk
Removed Stream! C:\WINDOWS\hrmec.dat:bottxu
Removed Stream! C:\WINDOWS\hthpu.dll:aojdmm
Removed Stream! C:\WINDOWS\hthpu.dll:emkkf
Removed Stream! C:\WINDOWS\hthpu.dll:lfhne
Removed Stream! C:\WINDOWS\hxzum.txt:lomyrf
Removed Stream! C:\WINDOWS\hzbwr.log:hkllwk
Removed Stream! C:\WINDOWS\hzbwr.log:kmjmfl
Removed Stream! C:\WINDOWS\ibweu.log:epwmmh
Removed Stream! C:\WINDOWS\icvzn.txt:lecnxt
Removed Stream! C:\WINDOWS\iensx.ini:bmnatf
Removed Stream! C:\WINDOWS\iensx.ini:deadlc
Removed Stream! C:\WINDOWS\ieuninst.exe:ydpir
Removed Stream! C:\WINDOWS\ifump.txt:wipror
Removed Stream! C:\WINDOWS\ihiri.txt:efmszd
Removed Stream! C:\WINDOWS\IIS6.LOG:akdqqn
Removed Stream! C:\WINDOWS\IIS6.LOG:pqivn
Removed Stream! C:\WINDOWS\IIS6.LOG:skgsm
Removed Stream! C:\WINDOWS\IIS6.LOG:ytloni
Removed Stream! C:\WINDOWS\ijljj.txt:anvftz
Removed Stream! C:\WINDOWS\imbmx.dat:ogfgtf
Removed Stream! C:\WINDOWS\imbmx.dat:stdef
Removed Stream! C:\WINDOWS\impborl.dll:aadqo
Removed Stream! C:\WINDOWS\impborl.dll:lkzxo
Removed Stream! C:\WINDOWS\impborl.dll:pgxdh
Removed Stream! C:\WINDOWS\Imw32d30.dll:ddrdj
Removed Stream! C:\WINDOWS\Imw32d30.dll:hgqij
Removed Stream! C:\WINDOWS\Imw32d30.dll:kngvf
Removed Stream! C:\WINDOWS\Imw32d30.dll:sbnwi
Removed Stream! C:\WINDOWS\inxbu.dat:epqcjw
Removed Stream! C:\WINDOWS\inxbu.dat:moqsqa
Removed Stream! C:\WINDOWS\iosqv.log:hgylwq
Removed Stream! C:\WINDOWS\ipytp.dll:igjmi
Removed Stream! C:\WINDOWS\ipytp.dll:olfcj
Removed Stream! C:\WINDOWS\irmlx.dat:oyenhp
Removed Stream! C:\WINDOWS\isbcb.dat:cepjmh
Removed Stream! C:\WINDOWS\isbcb.dat:egixsc
Removed Stream! C:\WINDOWS\IsUninst.exe:wfouj
Removed Stream! C:\WINDOWS\isxls.dat:vivtr
Removed Stream! C:\WINDOWS\iun6002.exe:azjef
Removed Stream! C:\WINDOWS\iun6002.exe:cowas
Removed Stream! C:\WINDOWS\iwjqu.log:wfcrlx
Removed Stream! C:\WINDOWS\ixkxe.log:qwgbkl
Removed Stream! C:\WINDOWS\izujn.dat:zzfchs
Removed Stream! C:\WINDOWS\jautoexp.dat:gzwtjz
Removed Stream! C:\WINDOWS\jcgxd.dat:rzyhjd
Removed Stream! C:\WINDOWS\jcigp.dat:mlqrn
Removed Stream! C:\WINDOWS\jcoro.log:cipczq
Removed Stream! C:\WINDOWS\jcrzl.log:esjjrr
Removed Stream! C:\WINDOWS\jcrzl.log:ixzgfv
Removed Stream! C:\WINDOWS\jczjg.txt:vysguz
Removed Stream! C:\WINDOWS\jczjg.txt:wgqurs
Removed Stream! C:\WINDOWS\jgqsm.dat:ygixoc
Removed Stream! C:\WINDOWS\jitfe.log:phjhtv
Removed Stream! C:\WINDOWS\jjvnm.dat:ayjthy
Removed Stream! C:\WINDOWS\jjvnm.dat:njsvwc
Removed Stream! C:\WINDOWS\jjvnm.dat:rgbcie
Removed Stream! C:\WINDOWS\jkxhb.dat:azcnhy
Removed Stream! C:\WINDOWS\jkxhb.dat:eoziq
Removed Stream! C:\WINDOWS\jkxhb.dat:gsmis
Removed Stream! C:\WINDOWS\jkxhb.dat:nrcmob
Removed Stream! C:\WINDOWS\jkxhb.dat:pmncne
Removed Stream! C:\WINDOWS\jkxhb.dat:rbqeh
Removed Stream! C:\WINDOWS\jlojw.log:fkkaqn
Removed Stream! C:\WINDOWS\johmi.log:aitaqu
Removed Stream! C:\WINDOWS\johnd.log:hmfhho
Removed Stream! C:\WINDOWS\jpwuod.dat:gsvzqm
Removed Stream! C:\WINDOWS\jpwuod.dat:lzcybi
Removed Stream! C:\WINDOWS\jqgnf.log:tamsjj
Removed Stream! C:\WINDOWS\jsppj.log:silgse
Removed Stream! C:\WINDOWS\jtahn.log:ytnekw
Removed Stream! C:\WINDOWS\junk.txt:kcjrj
Removed Stream! C:\WINDOWS\junk.txt:ytxnv
Removed Stream! C:\WINDOWS\KB810217.log:bkrhzh
Removed Stream! C:\WINDOWS\KB810217.log:dbffdl
Removed Stream! C:\WINDOWS\KB810217.log:dceoo
Removed Stream! C:\WINDOWS\KB810217.log:nqvufz
Removed Stream! C:\WINDOWS\KB810243.log:jzjiv
Removed Stream! C:\WINDOWS\KB810243.log:ljelnh
Removed Stream! C:\WINDOWS\KB817778.log:ewawy
Removed Stream! C:\WINDOWS\KB817778.log:neczbe
Removed Stream! C:\WINDOWS\KB820291.log:mlcmts
Removed Stream! C:\WINDOWS\KB820291.log:tanjl
Removed Stream! C:\WINDOWS\KB820291.log:xqnahj
Removed Stream! C:\WINDOWS\KB821253.log:bzbvq
Removed Stream! C:\WINDOWS\KB821253.log:dkwqhr
Removed Stream! C:\WINDOWS\KB821253.log:pnyyux
Removed Stream! C:\WINDOWS\KB821253.log:wcwbq
Removed Stream! C:\WINDOWS\KB821253.log:wcxlyv
Removed Stream! C:\WINDOWS\KB821557.log:genevo
Removed Stream! C:\WINDOWS\KB822603.log:azrum
Removed Stream! C:\WINDOWS\KB822603.log:icffuf
Removed Stream! C:\WINDOWS\KB823182.log:kirwzu
Removed Stream! C:\WINDOWS\KB823182.log:pjmdb
Removed Stream! C:\WINDOWS\KB823182.log:tambs
Removed Stream! C:\WINDOWS\KB823182.log:yodtfm
Removed Stream! C:\WINDOWS\KB823559.log:gwommx
Removed Stream! C:\WINDOWS\KB824105.log:isqsdw
Removed Stream! C:\WINDOWS\KB824105.log:tacho
Removed Stream! C:\WINDOWS\KB824105.log:xnnfpf
Removed Stream! C:\WINDOWS\KB824105.log:yffjxy
Removed Stream! C:\WINDOWS\KB824141.log:ijxiv
Removed Stream! C:\WINDOWS\KB824141.log:viohhj
Removed Stream! C:\WINDOWS\KB824141.log:wcyth
Removed Stream! C:\WINDOWS\KB824146.log:apbqqk
Removed Stream! C:\WINDOWS\KB824146.log:qpwzhw
Removed Stream! C:\WINDOWS\KB825119.log:duhwwi
Removed Stream! C:\WINDOWS\KB825119.log:jgypsb
Removed Stream! C:\WINDOWS\KB825119.log:lbuni
Removed Stream! C:\WINDOWS\KB825119.log:nyudmi
Removed Stream! C:\WINDOWS\KB826942.log:akpnx
Removed Stream! C:\WINDOWS\KB826942.log:njhubl
Removed Stream! C:\WINDOWS\KB826942.log:pnyksp
Removed Stream! C:\WINDOWS\KB828028.log:bqoebg
Removed Stream! C:\WINDOWS\KB828035.log:fzeihs
Removed Stream! C:\WINDOWS\KB828035.log:ryawjk
Removed Stream! C:\WINDOWS\KB828035.log:vvzbqt
Removed Stream! C:\WINDOWS\KB834707.log:gjzadv
Removed Stream! C:\WINDOWS\KB834707.log:tjzrdj
Removed Stream! C:\WINDOWS\KB834707.log:vadhc
Removed Stream! C:\WINDOWS\KB835732.log:jzkcdu
Removed Stream! C:\WINDOWS\KB835732.log:xzxnjc
Removed Stream! C:\WINDOWS\KB837001.log:ookpsd
Removed Stream! C:\WINDOWS\KB839643-DirectX9.log:hanejo
Removed Stream! C:\WINDOWS\KB839643-DirectX9.log:obwnw
Removed Stream! C:\WINDOWS\KB839643-DirectX9.log:qkkfyg
Removed Stream! C:\WINDOWS\KB839645.log:xbqoc
Removed Stream! C:\WINDOWS\KB839645.log:xihej
Removed Stream! C:\WINDOWS\KB840315.log:gpcumf
Removed Stream! C:\WINDOWS\KB840315.log:qaqsdf
Removed Stream! C:\WINDOWS\KB840374.log:njncat
Removed Stream! C:\WINDOWS\KB840374.log:zbfkdq
Removed Stream! C:\WINDOWS\KB841873.log:qcjte
Removed Stream! C:\WINDOWS\KB841873.log:qiarl
Removed Stream! C:\WINDOWS\KB873333.log:jmjkoo
Removed Stream! C:\WINDOWS\KB885250.log:xfnmrd
Removed Stream! C:\WINDOWS\KB885250.log:zkbgkd
Removed Stream! C:\WINDOWS\KB885835.log:bnbxqy
Removed Stream! C:\WINDOWS\KB885835.log:ykymxg
Removed Stream! C:\WINDOWS\KB885884.log:pgyrtf
Removed Stream! C:\WINDOWS\KB885884.log:skumnn
Removed Stream! C:\WINDOWS\KB886185.log:jyluyb
Removed Stream! C:\WINDOWS\KB886185.log:qliszq
Removed Stream! C:\WINDOWS\KB887742.log:hhqfnq
Removed Stream! C:\WINDOWS\KB887742.log:kdmrhq
Removed Stream! C:\WINDOWS\KB888302.log:czezsl
Removed Stream! C:\WINDOWS\KB890175.log:ahjkpa
Removed Stream! C:\WINDOWS\KB890175.log:dexwba
Removed Stream! C:\WINDOWS\KB890859.log:uaoemo
Removed Stream! C:\WINDOWS\KB890859.log:wpopvo
Removed Stream! C:\WINDOWS\KB890923.log:kchipb
Removed Stream! C:\WINDOWS\KB891781.log:bvgecc
Removed Stream! C:\WINDOWS\KB891781.log:cxepsw
Removed Stream! C:\WINDOWS\KB891781.log:psgjah
Removed Stream! C:\WINDOWS\KB891781.log:vfpkdl
Removed Stream! C:\WINDOWS\KB893066.log:nbhspy
Removed Stream! C:\WINDOWS\KB893086.log:bxveur
Removed Stream! C:\WINDOWS\KB893803.log:nywuug
Removed Stream! C:\WINDOWS\KB893803v2.log:twzjxn
Removed Stream! C:\WINDOWS\KB896422.log:ndkalw
Removed Stream! C:\WINDOWS\kbswz.txt:fedgfz
Removed Stream! C:\WINDOWS\kcvrq.dat:fypaor
Removed Stream! C:\WINDOWS\kdlar.log:mpspzp
Removed Stream! C:\WINDOWS\kfimx.dat:kmkfkj
Removed Stream! C:\WINDOWS\kfjxx.txt:yzzfqt
Removed Stream! C:\WINDOWS\klmbd.txt:nonyge
Removed Stream! C:\WINDOWS\krprk.log:gpgdjg
Removed Stream! C:\WINDOWS\krwzq.log:txokpc
Removed Stream! C:\WINDOWS\kvacf.txt:binazp
Removed Stream! C:\WINDOWS\lbjmu.txt:myyxje
Removed Stream! C:\WINDOWS\lnmji.txt:osenij
Removed Stream! C:\WINDOWS\lpqzz.dat:puumzf
Removed Stream! C:\WINDOWS\lsssa.dat:immysz
Removed Stream! C:\WINDOWS\lsssa.dat:mwjoh
Removed Stream! C:\WINDOWS\lxeqg.dat:cglsgu
Removed Stream! C:\WINDOWS\lxeqg.dat:tnxrom
Removed Stream! C:\WINDOWS\lyzwx.log:kvumlo
Removed Stream! C:\WINDOWS\lzmob.dat:uhdxix
Removed Stream! C:\WINDOWS\lzmob.dat:xynhd
Removed Stream! C:\WINDOWS\mdcot.log:moiwix
Removed Stream! C:\WINDOWS\mddwv.log:rfyhdp
Removed Stream! C:\WINDOWS\mddwv.log:wruemn
Removed Stream! C:\WINDOWS\mfcss.dll:khxcp
Removed Stream! C:\WINDOWS\mfcss.dll:vtzhc
Removed Stream! C:\WINDOWS\mhnkm.txt:ormrox
Removed Stream! C:\WINDOWS\mmjld.dat:cgbsak
Removed Stream! C:\WINDOWS\mmpoly.ini:dwnrnz
Removed Stream! C:\WINDOWS\mmpoly.ini:holrra
Removed Stream! C:\WINDOWS\mmpoly.ini:hsxwiz
Removed Stream! C:\WINDOWS\mnsxk.dat:ztpcdk
Removed Stream! C:\WINDOWS\ModemLog_Conexant SmartHSFi V92 56K DF PCI Modem.txt:dzmxp
Removed Stream! C:\WINDOWS\ModemLog_Conexant SmartHSFi V92 56K DF PCI Modem.txt:fxuqf
Removed Stream! C:\WINDOWS\ModemLog_Conexant SmartHSFi V92 56K DF PCI Modem.txt:jngkk
Removed Stream! C:\WINDOWS\ModemLog_Conexant SmartHSFi V92 56K DF PCI Modem.txt:nfbzb
Removed Stream! C:\WINDOWS\mozver.dat:djwqie
Removed Stream! C:\WINDOWS\mozver.dat:njtaf
Removed Stream! C:\WINDOWS\mozver.dat:reptn
Removed Stream! C:\WINDOWS\MSDFMAP.INI:lemkv
Removed Stream! C:\WINDOWS\MSDFMAP.INI:sfysy
Removed Stream! C:\WINDOWS\MSDFMAP.INI:zodwtl
Removed Stream! C:\WINDOWS\MSGSOCM.LOG:dvaio
Removed Stream! C:\WINDOWS\MSGSOCM.LOG:giypw
Removed Stream! C:\WINDOWS\MSGSOCM.LOG:kgrxs
Removed Stream! C:\WINDOWS\MSGSOCM.LOG:vkovcg
Removed Stream! C:\WINDOWS\msoffice.ini:grzvmt
Removed Stream! C:\WINDOWS\msoffice.ini:unlwvu
Removed Stream! C:\WINDOWS\msqla.dat:olhber
Removed Stream! C:\WINDOWS\mtsyq.dat:spwcnn
Removed Stream! C:\WINDOWS\MyNetIE.ini:dtyqy
Removed Stream! C:\WINDOWS\MyNetIE.ini:vsekd
Removed Stream! C:\WINDOWS\myqrvu.dat:obrqbu
Removed Stream! C:\WINDOWS\myqrvu.dat:snxprm
Removed Stream! C:\WINDOWS\nabuo.txt:kqhphx
Removed Stream! C:\WINDOWS\NeroDigital.ini:gubwvx
Removed Stream! C:\WINDOWS\netej32.dll:zkpdgh
Removed Stream! C:\WINDOWS\nfhrb.dat:uneybq
Removed Stream! C:\WINDOWS\ngmfn.txt:tzpng
Removed Stream! C:\WINDOWS\ngyhw.dat:zvubxh
Removed Stream! C:\WINDOWS\nitvr.dat:kersbu
Removed Stream! C:\WINDOWS\nitvr.dat:thmmn
Removed Stream! C:\WINDOWS\nkdbx.txt:fgiixl
Removed Stream! C:\WINDOWS\nnrez.log:dsvsxg
Removed Stream! C:\WINDOWS\nokiacontentcopier.INI:gvvir
Removed Stream! C:\WINDOWS\nokiaimageconverter.INI:uuoyfa
Removed Stream! C:\WINDOWS\notepad.exe:tqonw
Removed Stream! C:\WINDOWS\notepad.exe:vkfrxe
Removed Stream! C:\WINDOWS\npfdb.txt:wsnyrq
Removed Stream! C:\WINDOWS\nqhoo.log:cejxdw
Removed Stream! C:\WINDOWS\nsqbe.dat:otgdtb
Removed Stream! C:\WINDOWS\nsreg.dat:krgnj
Removed Stream! C:\WINDOWS\nsreg.dat:mngezd
Removed Stream! C:\WINDOWS\nsw.log:evlnyo
Removed Stream! C:\WINDOWS\ntbtlog.txt:rsasa
Removed Stream! C:\WINDOWS\ntbtlog.txt:vxulxh
Removed Stream! C:\WINDOWS\ntbtlog.txt:wwwtay
Removed Stream! C:\WINDOWS\ntdtcsetup.log:lnypo
Removed Stream! C:\WINDOWS\ntwe32.dll:mcuqlk
Removed Stream! C:\WINDOWS\ntwe32.dll:ywbwo
Removed Stream! C:\WINDOWS\ntxv32.dll:wdmegn
Removed Stream! C:\WINDOWS\nxdxp.log:blellu
Removed Stream! C:\WINDOWS\nxdxp.log:dkzheb
Removed Stream! C:\WINDOWS\nxdxp.log:forrtn
Removed Stream! C:\WINDOWS\oaaxx.dll:attryz
Removed Stream! C:\WINDOWS\OCGEN.LOG:akdhy
Removed Stream! C:\WINDOWS\ODBC.INI:xnlka
Removed Stream! C:\WINDOWS\ODBCINST.INI:zzved
Removed Stream! C:\WINDOWS\OEWABLog.txt:yawhrr
Removed Stream! C:\WINDOWS\ojort.txt:bdmokm
Removed Stream! C:\WINDOWS\ojort.txt:roujy
Removed Stream! C:\WINDOWS\OOBEACT.LOG:rbomlt
Removed Stream! C:\WINDOWS\optfe.dat:mephgz
Removed Stream! C:\WINDOWS\orun32.ini:efimaj
Removed Stream! C:\WINDOWS\orun32.isu:jczsfe
Removed Stream! C:\WINDOWS\ouuzf.txt:hqnbng
Removed Stream! C:\WINDOWS\ouuzf.txt:wgarcu
Removed Stream! C:\WINDOWS\pbdku.dat:cdsxho
Removed Stream! C:\WINDOWS\pcdlib32.dll:bnpms
Removed Stream! C:\WINDOWS\pcdlib32.dll:osnjj
Removed Stream! C:\WINDOWS\pcdlib32.dll:phozuo
Removed Stream! C:\WINDOWS\pcdlib32.dll:rcevq
Removed Stream! C:\WINDOWS\pcdoc.hlp:axnkj
Removed Stream! C:\WINDOWS\pcdoc.hlp:rmaquh
Removed Stream! C:\WINDOWS\pcdoc.hlp:vnekjh
Removed Stream! C:\WINDOWS\pcmra.txt:jeivx
Removed Stream! C:\WINDOWS\pcwkv.log:ssymbt
Removed Stream! C:\WINDOWS\pdfec.log:ecddsx
Removed Stream! C:\WINDOWS\pdfec.log:ktrzdd
Removed Stream! C:\WINDOWS\pgnwk.log:mkvna
Removed Stream! C:\WINDOWS\pgqet.dat:pvgac
Removed Stream! C:\WINDOWS\phbase.ini:osbnc
Removed Stream! C:\WINDOWS\phqcb.log:aioqex
Removed Stream! C:\WINDOWS\phqcb.log:hwzbju
Removed Stream! C:\WINDOWS\pioqd.log:sizwgh
Removed Stream! C:\WINDOWS\pkqni.txt:yuwzb
Removed Stream! C:\WINDOWS\podaa.log:evwmo
Removed Stream! C:\WINDOWS\Prairie Wind.bmp:cnebqc
Removed Stream! C:\WINDOWS\pydbe.log:uampdk
Removed Stream! C:\WINDOWS\pzztn.log:ntfvfu
Removed Stream! C:\WINDOWS\Q322011.log:apumz
Removed Stream! C:\WINDOWS\Q322011.log:vowglf
Removed Stream! C:\WINDOWS\Q323255.log:fmhiz
Removed Stream! C:\WINDOWS\Q323255.log:vstjq
Removed Stream! C:\WINDOWS\Q327979.log:lhdzc
Removed Stream! C:\WINDOWS\Q327979.log:uknjh
Removed Stream! C:\WINDOWS\Q327979.log:yjgza
Removed Stream! C:\WINDOWS\Q328213.log:npptfp
Removed Stream! C:\WINDOWS\Q328213.log:sqezt
Removed Stream! C:\WINDOWS\Q328310.log:sqowvr
Removed Stream! C:\WINDOWS\Q329048.log:diofe
Removed Stream! C:\WINDOWS\Q329048.log:ftlok
Removed Stream! C:\WINDOWS\Q329048.log:mlypj
Removed Stream! C:\WINDOWS\Q329115.log:jnvbif
Removed Stream! C:\WINDOWS\Q329170.log:celsd
Removed Stream! C:\WINDOWS\Q329390.log:fmrue
Removed Stream! C:\WINDOWS\Q329390.log:krgkpc
Removed Stream! C:\WINDOWS\Q329390.log:wjgsy
Removed Stream! C:\WINDOWS\Q329441.log:bnohkp
Removed Stream! C:\WINDOWS\Q329441.log:lkxyi
Removed Stream! C:\WINDOWS\Q329834.log:vevxf
Removed Stream! C:\WINDOWS\Q329834.log:vklbhh
Removed Stream! C:\WINDOWS\Q330994.exe:dkqdk
Removed Stream! C:\WINDOWS\Q330994.exe:tohufa
Removed Stream! C:\WINDOWS\Q331060.log:nfodz
Removed Stream! C:\WINDOWS\Q331953.log:iksii
Removed Stream! C:\WINDOWS\Q810565.log:gjlxgc
Removed Stream! C:\WINDOWS\Q810577.log:mprzhc
Removed Stream! C:\WINDOWS\Q810833.log:rrwizv
Removed Stream! C:\WINDOWS\Q811493.log:ekzis
Removed Stream! C:\WINDOWS\Q811630.log:pzywm
Removed Stream! C:\WINDOWS\Q811789.log:ophed
Removed Stream! C:\WINDOWS\Q811789.log:wjtlz
Removed Stream! C:\WINDOWS\q812415.log:cmnibx
Removed Stream! C:\WINDOWS\q812415.log:hqada
Removed Stream! C:\WINDOWS\q812415.log:xslxu
Removed Stream! C:\WINDOWS\Q813862.log:hgucj
Removed Stream! C:\WINDOWS\Q813862.log:rkwhcp
Removed Stream! C:\WINDOWS\Q814033.log:gqzkx
Removed Stream! C:\WINDOWS\Q814995.log:arsju
Removed Stream! C:\WINDOWS\Q814995.log:ojmyt
Removed Stream! C:\WINDOWS\Q814995.log:vegndh
Removed Stream! C:\WINDOWS\Q815304.log:aynil
Removed Stream! C:\WINDOWS\Q815304.log:dorgx
Removed Stream! C:\WINDOWS\Q815304.log:rrsxa
Removed Stream! C:\WINDOWS\Q815485.log:hkeew
Removed Stream! C:\WINDOWS\Q816486.log:cunzd
Removed Stream! C:\WINDOWS\Q816979.log:fyeth
Removed Stream! C:\WINDOWS\Q816979.log:lkxdq
Removed Stream! C:\WINDOWS\Q816982.log:kntui
Removed Stream! C:\WINDOWS\Q817287.log:opdru
Removed Stream! C:\WINDOWS\Q817287.log:tojpto
Removed Stream! C:\WINDOWS\Q817287.log:yzwzj
Removed Stream! C:\WINDOWS\Q817287.log:zwnnf
Removed Stream! C:\WINDOWS\Q817606.log:dluoh
Removed Stream! C:\WINDOWS\Q817606.log:rtxoo
Removed Stream! C:\WINDOWS\Q828026.log:xglej
Removed Stream! C:\WINDOWS\qckna.log:gnxzd
Removed Stream! C:\WINDOWS\qhcsb.dat:louunz
Removed Stream! C:\WINDOWS\qmhaz.dat:lflxq
Removed Stream! C:\WINDOWS\qswey.txt:iihyjo
Removed Stream! C:\WINDOWS\qt3wrap.dll:aaoxf
Removed Stream! C:\WINDOWS\qudro.log:chpmto
Removed Stream! C:\WINDOWS\quudp.txt:zbyou
Removed Stream! C:\WINDOWS\qvlyv.dat:tkljyb
Removed Stream! C:\WINDOWS\qwxel.log:eldoal
Removed Stream! C:\WINDOWS\qymjr.txt:nhzzvq
Removed Stream! C:\WINDOWS\R.COM:fxonfi
Removed Stream! C:\WINDOWS\R.COM:ppjyt
Removed Stream! C:\WINDOWS\R1.scr:epnzqj
Removed Stream! C:\WINDOWS\R1.scr:lifrhf
Removed Stream! C:\WINDOWS\R1.ssd:bekqq
Removed Stream! C:\WINDOWS\R1.ssd:uogin
Removed Stream! C:\WINDOWS\rbvmt.dat:fisepb
Removed Stream! C:\WINDOWS\rbvmt.dat:lbxvdx
Removed Stream! C:\WINDOWS\REGEDIT.COM:fxonfi
Removed Stream! C:\WINDOWS\REGEDIT.COM:ppjyt
Removed Stream! C:\WINDOWS\regedit.exe:fxonfi
Removed Stream! C:\WINDOWS\regedit.exe:ppjyt
Removed Stream! C:\WINDOWS\REGLOCS.OLD:fpjtj
Removed Stream! C:\WINDOWS\REGLOCS.OLD:fwtkhc
Removed Stream! C:\WINDOWS\REGLOCS.OLD:tyhmvv
Removed Stream! C:\WINDOWS\REGOPT.LOG:wjpxji
Removed Stream! C:\WINDOWS\REGOPT.LOG:wqfnkm
Removed Stream! C:\WINDOWS\rehqu.dat:vcibfh
Removed Stream! C:\WINDOWS\Rhododendron.bmp:cacjs
Removed Stream! C:\WINDOWS\Rhododendron.bmp:yybep
Removed Stream! C:\WINDOWS\rhpes.txt:mzaspf
Removed Stream! C:\WINDOWS\rhpes.txt:yblkrl
Removed Stream! C:\WINDOWS\River Sumida.bmp:brjdvf
Removed Stream! C:\WINDOWS\rkumd.txt:ezkxji
Removed Stream! C:\WINDOWS\rlhqa.dat:jrdlgk
Removed Stream! C:\WINDOWS\rlhqa.dat:okikds
Removed Stream! C:\WINDOWS\rqhfc.dat:axyldf
Removed Stream! C:\WINDOWS\rqhfc.dat:odspk
Removed Stream! C:\WINDOWS\rtpye.log:kxelyh
Removed Stream! C:\WINDOWS\rtpye.log:xadkls
Removed Stream! C:\WINDOWS\rurpx.log:qunyb
Removed Stream! C:\WINDOWS\rwxyc.dat:ocrcif
Removed Stream! C:\WINDOWS\sacsy.log:wmtczr
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:hdcich
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:ltclt
Removed Stream! C:\WINDOWS\SchedLgU.Txt:cpwqbk
Removed Stream! C:\WINDOWS\sehag.txt:tiqau
Removed Stream! C:\WINDOWS\sessmgr.setup.log:pihoi
Removed Stream! C:\WINDOWS\setdebug.exe:eidhav
Removed Stream! C:\WINDOWS\setdebug.exe:tihbw
Removed Stream! C:\WINDOWS\SETUPACT.LOG:sjnskd
Removed Stream! C:\WINDOWS\SETUPACT.LOG:srwio
Removed Stream! C:\WINDOWS\SETUPACT.LOG:tqrrxh
Removed Stream! C:\WINDOWS\SETUPACT.LOG:vqpdvu
Removed Stream! C:\WINDOWS\setupapi.log:gsbmgi
Removed Stream! C:\WINDOWS\setupapi.log:qjuanc
Removed Stream! C:\WINDOWS\setupapi.log:svrsqx
Removed Stream! C:\WINDOWS\setupapi.log.0.old:qosftu
Removed Stream! C:\WINDOWS\setupapi.log.0.old:xjvmdf
Removed Stream! C:\WINDOWS\setupapi.log.1.old:drjezr
Removed Stream! C:\WINDOWS\setupapi.log.1.old:ejsoq
Removed Stream! C:\WINDOWS\setupapi.log.1.old:kkxxen
Removed Stream! C:\WINDOWS\setupapi.log.2.old:nrzjxf
Removed Stream! C:\WINDOWS\SETUPERR.LOG:aemmch
Removed Stream! C:\WINDOWS\SETUPERR.LOG:ahkknf
Removed Stream! C:\WINDOWS\SETUPERR.LOG:mqdlux
Removed Stream! C:\WINDOWS\SETUPERR.LOG:oyjge
Removed Stream! C:\WINDOWS\SETUPLOG.TXT:wrujtc
Removed Stream! C:\WINDOWS\SetupPestPatrolCorporate.mif:bkxskp
Removed Stream! C:\WINDOWS\sfgqd.log:frvroi
Removed Stream! C:\WINDOWS\sfgqd.log:jtmxud
Removed Stream! C:\WINDOWS\sfgqd.log:odmyk
Removed Stream! C:\WINDOWS\shmoq.log:mlpymz
Removed Stream! C:\WINDOWS\shrjw.log:cuxkxf
Removed Stream! C:\WINDOWS\simau.txt:gtvjla
Removed Stream! C:\WINDOWS\simzi.txt:hxosgw
Removed Stream! C:\WINDOWS\simzi.txt:psgwqs
Removed Stream! C:\WINDOWS\slrundll.exe:dzbqct
Removed Stream! C:\WINDOWS\slrundll.exe:lnuvpp
Removed Stream! C:\WINDOWS\slrundll.exe:vxxuz
Removed Stream! C:\WINDOWS\smgbk.dat:ityjkv
Removed Stream! C:\WINDOWS\smgbk.dat:ztoonk
Removed Stream! C:\WINDOWS\smnue.dat:ohvaux
Removed Stream! C:\WINDOWS\smscfg.ini:ddypb
Removed Stream! C:\WINDOWS\smscfg.ini:hslce
Removed Stream! C:\WINDOWS\smscfg.ini:zsmza
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:acnbto
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:ruyuiv
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:sgwrcs
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:vaqaji
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:xjjrn
Removed Stream! C:\WINDOWS\spupdsvc.log:scfpny
Removed Stream! C:\WINDOWS\ss.drv:knrzkx
Removed Stream! C:\WINDOWS\ss.drv:vtxfa
Removed Stream! C:\WINDOWS\ss.drv:zaspc
Removed Stream! C:\WINDOWS\ss.drv:ztehg
Removed Stream! C:\WINDOWS\ssttn.dat:khhxec
Removed Stream! C:\WINDOWS\stfqz.dat:jsstqv
Removed Stream! C:\WINDOWS\Sti_Trace.log:dizczn
Removed Stream! C:\WINDOWS\Suzuki Marine.dat:kaduw
Removed Stream! C:\WINDOWS\Suzuki Marine.dat:ouiku
Removed Stream! C:\WINDOWS\Suzuki Marine.dat:vashbp
Removed Stream! C:\WINDOWS\Suzuki Marine.dll:slova
Removed Stream! C:\WINDOWS\Suzuki Marine.exe:jhrxrl
Removed Stream! C:\WINDOWS\svcpack.log:cbvzz
Removed Stream! C:\WINDOWS\svcpack.log:jjmkoi
Removed Stream! C:\WINDOWS\svcpack.log:rumyzg
Removed Stream! C:\WINDOWS\swomr.log:pcmrav
Removed Stream! C:\WINDOWS\syprv.txt:jxhjfp
Removed Stream! C:\WINDOWS\syprv.txt:mnnrhs
Removed Stream! C:\WINDOWS\syprv.txt:ubxqik
Removed Stream! C:\WINDOWS\SYSTEM.INI:buoiii
Removed Stream! C:\WINDOWS\SYSTEM.INI:jvflcq
Removed Stream! C:\WINDOWS\szoqi.dat:tyaohz
Removed Stream! C:\WINDOWS\TASKMAN.EXE:zpomxk
Removed Stream! C:\WINDOWS\tempf.txt:mcpddv
Removed Stream! C:\WINDOWS\tempf.txt:mysubc
Removed Stream! C:\WINDOWS\tgphi.log:anxzgb
Removed Stream! C:\WINDOWS\tiwky.dat:bvxqwb
Removed Stream! C:\WINDOWS\tnbvt.log:lhirdv
Removed Stream! C:\WINDOWS\tpjgp.log:dhbxxy
Removed Stream! C:\WINDOWS\trsqj.txt:uwiwyd
Removed Stream! C:\WINDOWS\ttoea.log:azchya
Removed Stream! C:\WINDOWS\txseo.dat:lbfavv
Removed Stream! C:\WINDOWS\tymij.txt:ediiff
Removed Stream! C:\WINDOWS\tzkqq.txt:dbyfxx
Removed Stream! C:\WINDOWS\ueemq.txt:rnzrhe
Removed Stream! C:\WINDOWS\uhoia.txt:skbxry
Removed Stream! C:\WINDOWS\ujbve.txt:kludla
Removed Stream! C:\WINDOWS\ujpfk.txt:nqwps
Removed Stream! C:\WINDOWS\ulmoz.txt:gvnjwr
Removed Stream! C:\WINDOWS\uninst.exe:sxodj
Removed Stream! C:\WINDOWS\Unwash5.exe:kxzil
Removed Stream! C:\WINDOWS\updspapi.log:jojwbg
Removed Stream! C:\WINDOWS\VB.INI:refwx
Removed Stream! C:\WINDOWS\VBADDIN.INI:cpcbdq
Removed Stream! C:\WINDOWS\VBADDIN.INI:hqkxml
Removed Stream! C:\WINDOWS\vfuqe.txt:sttcud
Removed Stream! C:\WINDOWS\vimfr.dat:dkomn
Removed Stream! C:\WINDOWS\vminst.log:mpupxb
Removed Stream! C:\WINDOWS\vmjga.txt:qeptx
Removed Stream! C:\WINDOWS\VMMREG32.DLL:kcjnt
Removed Stream! C:\WINDOWS\vmuninst.log:arcdgn
Removed Stream! C:\WINDOWS\vmuninst.log:hwssy
Removed Stream! C:\WINDOWS\vmuninst.log:uzrzo
Removed Stream! C:\WINDOWS\vnkpt.txt:gtranw
Removed Stream! C:\WINDOWS\vnkpt.txt:nopala
Removed Stream! C:\WINDOWS\vnkpt.txt:zttcoo
Removed Stream! C:\WINDOWS\vpvnc.txt:fohfnc
Removed Stream! C:\WINDOWS\vpyvw.log:fxqvs
Removed Stream! C:\WINDOWS\vpyvw.log:mvmiu
Removed Stream! C:\WINDOWS\vrhdo.dat:rnakwt
Removed Stream! C:\WINDOWS\vrhdo.dat:slrizw
Removed Stream! C:\WINDOWS\vrpfb.txt:ssvqix
Removed Stream! C:\WINDOWS\vrpfb.txt:zmbfpg
Removed Stream! C:\WINDOWS\vtjud.txt:qqkyjx
Removed Stream! C:\WINDOWS\vzgiw.dat:kotpre
Removed Stream! C:\WINDOWS\Wanadoo.ico:ergtqe
Removed Stream! C:\WINDOWS\Wanadoo.ico:qybfo
Removed Stream! C:\WINDOWS\Wanadoo.ico:wfdax
Removed Stream! C:\WINDOWS\Wanadoo.ico:xwxsq
Removed Stream! C:\WINDOWS\wcfjy.txt:rnuljj
Removed Stream! C:\WINDOWS\weilz.dat:cpdvto
Removed Stream! C:\WINDOWS\wekoh.txt:ltfvci
Removed Stream! C:\WINDOWS\WINHELP.EXE:uprvo
Removed Stream! C:\WINDOWS\WININIT.INI:bwkwi
Removed Stream! C:\WINDOWS\WININIT.INI:qladq
Removed Stream! C:\WINDOWS\WININIT.INI:uflij
Removed Stream! C:\WINDOWS\WINNT.BMP:txdcl
Removed Stream! C:\WINDOWS\wmsetup.log:azpao
Removed Stream! C:\WINDOWS\WMSysPr9.prx:frdyu
Removed Stream! C:\WINDOWS\WMSysPr9.prx:qijgfo
Removed Stream! C:\WINDOWS\xdfac.txt:kvqvar
Removed Stream! C:\WINDOWS\xhayk.txt:bfylky
Removed Stream! C:\WINDOWS\xiiuk.txt:jzyvln
Removed Stream! C:\WINDOWS\xiiuk.txt:vptoxe
Removed Stream! C:\WINDOWS\ximea.dat:lgqqej
Removed Stream! C:\WINDOWS\xmipi.log:npmtro
Removed Stream! C:\WINDOWS\xntsv.txt:ehjvht
Removed Stream! C:\WINDOWS\xqiuy.log:whtjbv
Removed Stream! C:\WINDOWS\xumnt.log:bbtiyr
Removed Stream! C:\WINDOWS\ydurl.log:ckiyu
Removed Stream! C:\WINDOWS\yhbss.dat:tcdnat
Removed Stream! C:\WINDOWS\yilut.txt:ksaulu
Removed Stream! C:\WINDOWS\yjeno.log:ldoec
Removed Stream! C:\WINDOWS\ypduj.log:vmdfhh
Removed Stream! C:\WINDOWS\yqwht.txt:fmvscs
Removed Stream! C:\WINDOWS\ytfdi.txt:mdwtud
Removed Stream! C:\WINDOWS\Zapotec.bmp:egawz
Removed Stream! C:\WINDOWS\Zapotec.bmp:pzqexr
Removed Stream! C:\WINDOWS\Zapotec.bmp:ybxzh
Removed Stream! C:\WINDOWS\Zapotec.bmp:zmgdud
Removed Stream! C:\WINDOWS\zdjuq.txt:edogwo
Removed Stream! C:\WINDOWS\zmgym.log:pbysfc
Removed Stream! C:\WINDOWS\zmihe.txt:gulnxt
Removed Stream! C:\WINDOWS\zphld.dat:huqxim
Removed Stream! C:\WINDOWS\zpyid.dat:mryqny
Removed Stream! C:\WINDOWS\zrgde.log:sxxyef
Removed Stream! C:\WINDOWS\zrgde.log:zvvbrw
Removed Stream! C:\WINDOWS\ztero.dat:avjdcp
Removed Stream! C:\WINDOWS\zuglf.txt:svtqez
Removed Stream! C:\WINDOWS\zupoj.log:rwogtg
Removed Stream! C:\WINDOWS\zutwq.log:fkrdhj
Removed Stream! C:\WINDOWS\zutwq.log:lxqdgp
Removed Stream! C:\WINDOWS\zxnpw.dat:kwgloq
Removed Stream! C:\WINDOWS\zymhv.dat:dyiras
Removed Stream! C:\WINDOWS\zymhv.dat:xkbjjl
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:aaccch
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:aajzlz
------------------------------------------------
Removed File! : C:\Windows\abzce.dat
Removed File! : C:\Windows\acpyw.dat
Removed File! : C:\Windows\aglbr.dat
Removed File! : C:\Windows\aisdi.dat
Removed File! : C:\Windows\aktnl.dat
Removed File! : C:\Windows\apwqm.dat
Removed File! : C:\Windows\aslhh.dat
Removed File! : C:\Windows\avgte.dat
Removed File! : C:\Windows\avzdw.dat
Removed File! : C:\Windows\awrrg.dat
Removed File! : C:\Windows\axpqv.dat
Removed File! : C:\Windows\bfjfd.dat
Removed File! : C:\Windows\bkjnr.dat
Removed File! : C:\Windows\bnfgd.dat
Removed File! : C:\Windows\bpynf.dat
Removed File! : C:\Windows\btewo.dat
Removed File! : C:\Windows\btxby.dat
Removed File! : C:\Windows\bubuf.dat
Removed File! : C:\Windows\budvd.dat
Removed File! : C:\Windows\bvrvm.dat
Removed File! : C:\Windows\bxmot.dat
Removed File! : C:\Windows\bzopo.dat
Removed File! : C:\Windows\cctnc.dat
Removed File! : C:\Windows\chshl.dat
Removed File! : C:\Windows\ckmsr.dat
Removed File! : C:\Windows\crfrq.dat
Removed File! : C:\Windows\cuxmj.dat
Removed File! : C:\Windows\czeat.dat
Removed File! : C:\Windows\dcazo.dat
Removed File! : C:\Windows\ddacs.dat
Removed File! : C:\Windows\ddzgf.dat
Removed File! : C:\Windows\djsei.dat
Removed File! : C:\Windows\eajhd.dat
Removed File! : C:\Windows\edwyy.dat
Removed File! : C:\Windows\eerxd.dat
Removed File! : C:\Windows\ekypc.dat
Removed File! : C:\Windows\emlak.dat
Removed File! : C:\Windows\enppu.dat
Removed File! : C:\Windows\entvg.dat
Removed File! : C:\Windows\enuwk.dat
Removed File! : C:\Windows\epagh.dat
Removed File! : C:\Windows\epidi.dat
Removed File! : C:\Windows\ermnb.dat
Removed File! : C:\Windows\esuuc.dat
Removed File! : C:\Windows\etdve.dat
Removed File! : C:\Windows\eywiq.dat
Removed File! : C:\Windows\ezjeu.dat
Removed File! : C:\Windows\fbiei.dat
Removed File! : C:\Windows\fgxho.dat
Removed File! : C:\Windows\fjwfb.dat
Removed File! : C:\Windows\fkzjb.dat
Removed File! : C:\Windows\fzunc.dat
Removed File! : C:\Windows\gdyij.dat
Removed File! : C:\Windows\gioky.dat
Removed File! : C:\Windows\gjppt.dat
Removed File! : C:\Windows\gjsxd.dat
Removed File! : C:\Windows\gpreq.dat
Removed File! : C:\Windows\gpvip.dat
Removed File! : C:\Windows\gyjnm.dat
Removed File! : C:\Windows\hahyo.dat
Removed File! : C:\Windows\hcwet.dat
Removed File! : C:\Windows\hdjdw.dat
Removed File! : C:\Windows\hffnn.dat
Removed File! : C:\Windows\hiwcm.dat
Removed File! : C:\Windows\hmbah.dat
Removed File! : C:\Windows\hmlrh.dat
Removed File! : C:\Windows\hmvty.dat
Removed File! : C:\Windows\hndnm.dat
Removed File! : C:\Windows\hnjdu.dat
Removed File! : C:\Windows\hrmec.dat
Removed File! : C:\Windows\hspxy.dat
Removed File! : C:\Windows\ihmyz.dat
Removed File!
  • 0

#6
Buckeye_Sam
Posted 17 July 2005 - 01:54 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
This is a particularly nasty infection. You can see how many infected files you had. If we miss one file, the whole thing reinstalls itself. Be patient. It may take a few rounds.


We're going to add another tool to bring to the battle.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.



Print out these instructions as most of these steps will need to be done in Safe mode.

Reboot into Safe mode and fix these lines with Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ekfwk.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0E72366D-1971-3393-2F9E-6956B6550084} - C:\WINDOWS\mfczu32.dll
O2 - BHO: Class - {EEAFF2EF-1457-3C40-9ADE-86A3DF66B350} - C:\WINDOWS\system32\addfs32.dll
O4 - HKLM\..\Run: [cruv.exe] C:\WINDOWS\cruv.exe
O4 - HKLM\..\RunOnce: [appjp.exe] C:\WINDOWS\system32\appjp.exe
O4 - HKLM\..\RunOnce: [javanc.exe] C:\WINDOWS\javanc.exe
O4 - HKLM\..\RunOnce: [crna32.exe] C:\WINDOWS\crna32.exe
O4 - HKLM\..\RunOnce: [ipfm32.exe] C:\WINDOWS\ipfm32.exe
O4 - HKLM\..\RunOnce: [crnd32.exe] C:\WINDOWS\system32\crnd32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\atlin.exe
O4 - HKLM\..\RunOnce: [mfczu32.exe] C:\WINDOWS\mfczu32.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\appjp.exe" /s (file missing)


=========


Run CWShredder, making sure to click "Fix".

Run About Buster. Make sure to save the log.

Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido


===========


Reboot back to normal mode and post the following logs:

- Hijackthis log
- AboutBuster log
- Ewido log (this log may be very large. If so just attach it to your next post)
  • 0

#7
Taran_Walker
Posted 18 July 2005 - 12:36 PM

Taran_Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hello Sam here are all the logs fromn the scans

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 19:30:34, on 18/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Taran\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab30149.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1727CC60-9FB7-48CC-8382-5D4CCD88A251}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\appjp.exe" /s (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Here is the aboutbuster log:

AboutBuster 5.0 reference file 28
Scan started on [18/07/2005] at [19:18:56]
------------------------------------------------
Removed Stream! C:\WINDOWS\Dialux.ini:ymcew
Removed Stream! C:\WINDOWS\dlitf.log:kwlsst
Removed Stream! C:\WINDOWS\dlitf.log:pdysia
Removed Stream! C:\WINDOWS\EPSTPLOG.BAK:ovvbfo
Removed Stream! C:\WINDOWS\EPSTPLOG.BAK:vqwdpg
Removed Stream! C:\WINDOWS\EPSTPLOG.BAK:zzpgdc
Removed Stream! C:\WINDOWS\SchedLgU.Txt:xnhrqk
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:aazvna
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:abger
------------------------------------------------
Removed File! : C:\Windows\zodpo.dat
Removed File! : C:\Windows\System32\faqcv.dat
Removed File! : C:\Windows\System32\rzeit.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 19:21:18

and finally the ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 22:15:38, 17/07/2005
+ Report-Checksum: B2D1F7EB

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00564D9E-6D4B-1BA6-3369-3CA152EDA8CE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00AF6BF7-1C8A-2F68-11A6-3DD4FD5A3DED} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{01198741-DBE0-E6F4-9DBE-877B61FB1D1D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{02FFD786-624F-CC5B-7820-BCDEE66D486F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{031211BF-70AC-72ED-883D-C47AC7D80AB0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{031788DE-6282-F9CD-262A-AA22CDA2B068} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{03986A99-8487-BF06-A53A-7D6D4ED76483} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{04CB6006-AB79-1366-4EF1-BFF815B874EE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{04EDA6A5-3C09-E146-8F75-5684DDB4E2A7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07D80144-9372-FEAC-AEDD-21AE8732F067} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07FF232E-41D0-38A2-6073-6847AD3E6453} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09098A2E-29B4-D7AC-C8EC-1C448EBA69E3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09248DC7-285D-A208-7675-8D1BAC7208C9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09312E20-8C50-C241-742B-35F21EDA9875} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0AD1A770-F33D-516E-A6BD-A3AEB8568EAC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0ADEF183-C204-6BFB-2DA8-5C12061DE911} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0B58BEF4-C0D5-53BA-4F75-D23E40367540} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0B6BE68E-B55A-5883-3DBC-30D73208D3E7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0C5210E4-1BEF-9A5C-6EDA-012321DE19B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0E37D9E0-99E3-DA14-3197-60132338963E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0ECEBD98-802F-9B4D-7308-C983A18EDBEC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{120432D2-986E-D6C9-2056-A678827E97DD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{12094FCA-1EE9-6EE5-5B4B-4B1EDA5F575C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1323178D-09E3-B628-CC3A-95630B64B7DA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1486290A-90C1-388F-ADC8-6BFAA6B057E8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{18DF9808-F6C9-984B-EDE3-0B7624EC452A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1A5161CF-197C-FCC5-52C8-1AE7E0BB4A51} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1B2B1933-92B1-481C-EB27-35E36BF72B5B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1C57E571-0B87-8702-2AAF-E058D58BEE62} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D05B49E-CC14-E11C-706F-60066BD9D4C0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D232F9D-941D-5CD9-732F-8F6EC1977CF2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D3E7FA6-E393-C514-F461-E0B59435D825} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1DE20533-9118-BF9A-A6C6-F8E881A5FD4B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F46E851-7EAF-1A9B-E6B4-CCA46BD7BB86} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F6A3B74-3D40-4D48-4D55-E3A0A8029CC2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F846F72-8833-7B85-FBF7-B2D81D30AB82} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{20624CF4-3AF3-5A88-257F-7E0B78D56A51} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{208BD4D8-3DA2-3736-A8E6-F3AF3479FA31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{211D33BE-B506-603A-E0C1-E50E4D62779F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{21F8F0E0-D881-0FBC-CD1D-D1F30C3905B4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{226F74F7-94A2-FE96-7B23-B01DD29FD1E8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2402BAD1-2B03-B117-D0E4-9685436E0914} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{25ABB624-07B4-7709-119D-4C9FB375AB79} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2621D1BF-0A92-2D9C-E595-02A9C3F76F46} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{26DF6F6C-68C1-432E-7845-1CBFEF199116} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2760207D-F6BA-6516-0C1A-8C995844B1D4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{29CDA41A-A8EB-6A68-BBF5-2877418D55C7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{29F1D625-8BC0-9364-C57C-DB62035ABD50} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2A97DB56-E2B4-967C-AF9F-07FDF74289C2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2A9B7B46-3BB6-BB3C-9E0A-6C988B9DE22E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B284248-D0FE-C340-0D87-ABD55DD24BFA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B3E67AD-604C-9879-98F0-52FDEEAE4D63} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B5A2313-AE67-454E-9A8B-F74070E57F1B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2BFAB072-A3F3-0A97-6990-3673392B7DFC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2CAB7717-202B-8A26-BFD7-FA41EC47A745} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2CB60D9D-BA37-058C-7EA3-A52155F01235} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2D99FD34-F395-DFB0-0852-36D4976F6E3D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2FA09459-FBD9-B08C-81EF-6EA62F5DB101} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2FB10B1F-E342-08A1-CBAA-D4A2CD2ABAC6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{30C5202D-2CDD-8C6D-6CD3-86CBAC73988B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{30E36B0A-CA1D-18E7-7FD2-9BA91D4D1710} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{321EE590-67C6-6B11-CCA5-70323A77E2B6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{33EBB320-A2D5-6FD7-6D31-BA458C872ABD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{353933B6-2ECF-A0F1-F1EB-C0B9FE2EF168} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{35CDCE87-6BD6-878A-D4C9-24118A153D34} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3684B1D1-C737-AA3A-00B8-83FE7FF3C058} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{36A41F9E-B433-C078-89AE-486D2624C972} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3757D8EC-FD1D-A2F5-366B-C8C2FEE89B04} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{37E5E66E-C168-B55B-BE2E-8478ED77CD96} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38A09FC8-FCAF-3D1E-A6D6-FB0A0E2E2D98} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38BCC2CD-AF0A-EC41-D4CB-035F1C7378C9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38EA95B6-06DF-844E-6763-813A152D6F74} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3A044FBA-5DEF-1ECF-55E6-8A9DE3722CEC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3B9B5DF7-2AB9-16A6-4505-78AF14014B28} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3C2E0AC2-347B-07FF-761D-31083C460F98} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3CE36D52-D914-5BA5-C0E2-3F53AE992ABB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3D1F3C37-49CA-66D3-9877-04375ADE521D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3E8AEA49-2882-96D1-D4B0-D1EA3E4EEFD2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3EA8A165-1EE8-2BEF-A8D1-9CDBD760FC43} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3EB9E062-47DE-633E-02AB-4AC63DA507E3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3F18E16D-F794-AD29-32FD-2AA0E587716B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3F81823D-B4B4-C3D2-CE8E-E8BB4EF4D52F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{407FFCD2-654F-817E-A2EE-B535B9FBC95D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4095AAF5-BAD2-A97D-D64C-566A52E35C2E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{44CE9131-E13C-D36A-083A-FAFF61E866CA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{44FA143F-05A1-A796-536B-363BB7DC977C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{452C15DF-936D-C8CB-B825-97DD4A210ABD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{458710FC-EACF-AA54-F736-6EF18F0FE7C4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{47B70B6F-A6B0-230A-43C3-9F9B5C710209} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4822A81B-A35C-81CA-4B1E-595C44DF3F5E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{483C767C-E381-7083-FD10-379897AEDEFB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{491288EB-D314-5571-9C18-B1EAC89ADE09} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A210C09-C3AE-D36C-3EC5-0D7723985463} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A5DA6C7-CAFA-ADBE-1CBD-9DB325C4EB88} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4ABF050C-DD0D-52FF-DD7A-B315E8F9B10E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4AEDA6FC-6816-F03C-12F8-CDE056451F16} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4C1CBC17-3C15-343F-1E7C-D8F447935C05} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4DAC7D8D-9C1A-3965-E63E-6CDFBCD1EB33} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4E11A0FD-72A3-AEF3-D4E4-E168F75A238E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4FFB405E-2D99-7374-B6D3-F0CD9DC8744E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{50B9D537-5DB0-52B1-FF6F-ED6C70DA477E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{50C0BB70-6636-6313-EB71-E592B01EAF21} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{51F242CE-3A79-A2F0-3B9D-50A94CC69C30} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{52CA0FCE-F9E0-2125-6CA6-2627141A47E9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{55B26598-4EAA-795A-B6BE-E73AF3E66B1E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{569A8D32-0108-F6A7-6EE3-9094FC97B318} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{57E2A8F4-A957-3F30-9323-88485335C5DC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5932F9CB-E60E-11C7-5BA5-2CD8198CBDB4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{595B569B-A80C-DEE4-5AE6-7AF21D2B6F17} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{59935BC1-5F4B-96F1-F3B6-C6B36821D102} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5AEDA511-0157-5F17-AC3D-A3D8D05DFE0C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5B9A8BE3-69A5-661B-3BB5-FA99E29D5453} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5B9DD78B-6805-11A5-818B-723A508CBC0D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5E4566F7-825D-2817-0598-1949854654D5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5E51824C-52E0-D124-BFC7-DEAEE6504984} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F1C7FC6-359E-6D58-42B3-3E410DB4CADB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F4B11A7-C0A8-0B95-8741-481C8B0029E3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F574346-A206-D78A-7149-4C709D5204A4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{602C9652-36AF-DEC5-DE23-DB34295B6BA5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{63DCBFC8-9F1C-3DA5-A957-E5BCF32589B1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{64770A00-0C3B-BCEC-D32D-83EE61896228} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{64AB146B-0C39-DEC3-5AED-E2DA773C655F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66DEB589-B6D4-E95E-2E36-26287464CD11} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66F47DB1-18C4-9337-E85F-30B8B1DD594A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67654C62-B847-D47B-7386-202E338F4761} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{68005AEB-2632-F033-B29F-EA21C446CA22} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6A389597-708B-6F9D-B6EC-8D1A3EC9DFAF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6BE5CD97-C2FD-46BB-5C0A-9634487B916D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6C652E08-1C50-09D2-7DC8-0714DB258C39} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6D012127-ABB2-BF82-D02A-24CBBD599720} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{710D4788-B064-A3C4-EC29-A9E67ABEF953} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{72877DD4-A7A3-8B9D-DEB7-F09CC0629D54} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{735DDAC7-F8F1-47DD-D87A-6AF0100B6A48} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7656789A-ED76-CC21-B379-9B8792A5DDF6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7658C68E-7ED4-8476-AC96-729091012307} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{77845652-D4FE-D2AD-12FA-F27B477D9B31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{77CDFCA0-BA97-CA0C-618F-7AA1690AB92B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{78757FBB-7367-3BB1-0D47-0212285D9AEC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{78CA5367-0660-D7DE-5424-C4AD26542538} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{795714A8-C9C0-E8BD-30DB-A0DA3B603993} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7C36455F-C2B4-5BC0-575A-253825413F0C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7E2B347A-52AA-597F-9371-80822A8D1263} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7EFCA545-7AB8-61BF-D7DE-AEA89256912C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{817972EC-CAD1-C47C-A430-508B1E97DE0D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{81AE8953-3335-A1BB-5174-F82625372B4E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{821C8BB3-C516-BEE5-C6A4-ECF0D92BF426} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{821F62C3-1009-929C-3E89-5D066057B36D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{822904F6-6515-F4CA-FCA6-3DD79347C0E0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8388F6F7-C7DD-5A32-8A42-7938E184AA5E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{83CBE2FB-4038-4351-9B1C-E69BF75962AA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{841CB982-C366-4290-3F00-95A1A5F3C340} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8424A742-21C5-E92B-D6A5-2B565D796258} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{854F3880-4AA1-AF49-995D-6630908AFE8A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{85F1C7FC-7359-D6D5-C42B-F3E410DB4CAD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{86B29A5F-CB91-3C3D-28A2-EDA38C1F28A8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8735EBDB-E5CE-D8EC-D853-7210E5BC2584} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{88289CAD-8761-B286-1697-48C2E3A53747} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8A0B6039-9C48-66D5-8BFB-9F32F71C1612} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8A457F99-ED79-A514-B791-FCEC37E50B28} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8DFCBD6E-113A-2348-6A3E-397AD2C21017} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8E22B410-9A68-7588-EDE1-05BA98980E7E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8E883EC3-ABB5-0CD9-EC0A-78CB81A818D1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8EA257CF-EDDF-09CA-1536-29E313C464B0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8F6C5DE9-FDDF-569A-0A0F-FEF0E3957F0F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{91D36B11-7557-849E-10CC-AF26257149A8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{92854EC1-0623-4E3A-3993-F60435FEDF74} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9436A461-8EBA-8CCA-C8D5-98D6F786767A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{955B6DF6-295B-AD12-F4CD-B405B76306F9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9564CC48-05D0-7649-4D33-CBDCCFF9913B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9633E7CB-D24D-2353-E8EC-FCF820661F42} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{97E37285-B9D3-035E-821F-3EBE4F849C3D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{97FD03BF-2223-5BCC-0213-A97E0706011D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{98832348-0E38-D102-51A5-517934760119} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{988F33DF-14DB-9347-ED73-E0CDCC695426} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99B1E639-DCA2-2C21-013F-DEF4B5729CA9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A7083BD-566F-B299-344C-47ABCAB6F765} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A91EB6C-6B33-0933-42A8-1A1954F9B35F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9C060FC3-F4CE-894D-8EB7-FA3935CE5AA1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9C0FBA5F-3F3D-397E-15C0-85E3828D8424} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9C149FC6-86A5-C649-4760-9E20AC138BED} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9D7705A4-9543-9869-8249-F62AC961BDA5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E1455BA-AB98-5AEA-F11B-65367B604345} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E1E5C74-8A47-A3B8-9D79-4318AF0FE18F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9EDC0D8F-954E-A638-C240-D52042910A62} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F1D249D-1545-56CD-0C52-0C2EE115ABB1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9FF47B90-35D9-6F6F-3BC1-027BAA23833E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A229042B-0D56-44A6-85DB-13CF1C4E9FD6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A318BFD4-C3A4-E970-DD27-26C4F5F2AD25} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A4842560-CE4E-8858-6B28-E50CEB6F759E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A507C113-55E6-12CB-8EC0-BA8BE1F569B2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A52FA47B-BA50-C6CB-6B02-1F30CC46D589} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A5B3B4A7-6BD2-E7CE-E654-7A1D658D1BB3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A66A7703-9E5D-D32F-B86A-2B0EE436B436} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A66DF143-F487-E2C9-232E-3D99CC47A72F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A6BF9B01-2B57-89D9-AD1F-AF854374C992} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A8703447-9782-72D3-AA41-606A7E155CE5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A9629E20-9B59-1F5F-58AE-E699D9122E1F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A9BB7C1A-E63B-E0A9-63EB-7124FA52D1B0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AAC06F6E-F261-4E44-CF1D-B1EA9712EF4B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AAC3A456-1DE9-F1B9-912D-E57B58C8E083} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ABFF8236-DCBD-E17B-0A69-6FD85FA199FE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AE9146BD-F3E6-13D0-911B-0CF28B2B624B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEC0D087-CA0B-D7B9-0EE4-BFCC513BFC71} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEF3E64A-B4FC-FC2A-5EF9-4FC735F322D9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AF451484-05EA-655A-4EE7-4B4F9A677388} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AF6BCC5C-38B1-5871-226C-AC6482380057} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B063B761-34B8-42D9-CBCD-08B0A1D3E8D4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B2561711-375A-C5C2-DBF9-4F87C6CDEC0E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B30EFD56-F6AF-2F6B-C3AB-6571E5627F1F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B36D5282-D413-F545-CF79-A6CE970CFEBB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B4D50626-AAF0-64AC-F1D5-8A697DD0E515} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5423394-16FB-1F60-5AF9-6CAF30B35009} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B595A235-53A2-27D5-EFF6-D0208801D071} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B61BACAE-2CB6-EF24-C53E-8CA0B2907B91} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B6233EB3-872F-7898-F4A8-3F6A3BAA6D57} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B6E89CAB-169D-C0D8-F8D0-4EB58B02ABAB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B784881A-C236-6F52-D86B-285DC0FC4011} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B7F4D50B-EAC3-A3F3-769F-96194A8DECDE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B81896EA-E0AA-92AA-BF67-14B1C8C5A7E4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B91259B9-BE3B-D475-8861-62B879410E5E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B9E19DA8-10A7-4E21-2FBB-FDC66E0CC0B9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BA66EA91-C16C-D1A2-86DA-4CC1F4EF8C99} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BAA4A995-E881-38F6-1E95-AF9F2785FBB3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC0DC8BD-646D-FA46-8739-116B4F8B8228} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC0FE7F5-AD1D-A795-C683-F3EB54072EFE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BCE50D6B-B3E6-30B9-72AB-14B60D86EB35} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C151BF9B-FE85-EC38-A53B-AE4D2044C94E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C1CC71FF-8764-ADFB-036B-BD513D9AB830} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C21C6790-58A0-81BD-58F6-11EF55D9BADF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C2592E32-BC17-88BD-429F-D90632EDB3F1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C3802DB0-6240-6D7A-3197-2AC5C46F55B7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C3EAA18C-9344-C91C-7AEA-9FEE6792B86A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C53D27E6-2A68-7CD9-A09F-541EF27B2319} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C54510FE-72AA-27FF-1198-0CC47906F451} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C9368290-DE0B-80FF-0E2D-8933F6CA1A46} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAEA3DE4-DAC7-8DF9-1A53-651E63E86CDF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAF35453-A9AB-61D6-E032-1F6CE85168F3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAFF6042-9822-36A6-4764-C0BF5E59EF31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CBD8F541-0C17-2308-CE59-19ACBB1E7CB6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CC6A9DFF-521F-7DD3-E624-B30C0B9FF83A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CC6B2B65-2D60-CC2D-B4A6-7C0945964771} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CD01143E-9B70-CB99-C455-87936A69EFA2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CD0FD544-5710-E7D8-7CDF-35F3B6A22A9A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CD283BB0-5FEA-F204-BC88-8C3CA240315D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CDA7655D-27CA-4F67-07DB-DBE1FF31B073} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CE6391C4-346E-13E9-03A2-E8708CCA3B6A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CFEE94A2-6DC5-1DD4-6319-B8255C0DD757} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D1F6B196-AB9F-2B48-C708-0B7CEC5DA4F9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D4451521-F203-568E-2657-C5AD1F0B1F77} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D6036847-0CE9-CD98-8490-CBE09650BB49} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D80AA516-E153-738B-D9EF-24D6EAF3C13B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D83F0117-C7D8-20AF-2100-FD548A73684C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D990B9E1-F168-13E8-1A21-97D04D3C2F96} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DA826568-8230-C8BC-199C-3E738A0E5A48} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DB3FF0A6-7AD3-085E-3E59-A4318E82D4A8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DBC8BCC3-8C2E-707C-3D8D-72B88F17460E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DBE13E5D-7E11-2943-722B-C75B9A94EFED} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DCAC4288-4597-CC9C-88ED-6AFF6D21C6A6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DCF499B3-5BE2-6F3F-B6C8-FB0597F0FF79} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DD25AEF3-3DC7-625D-F3C6-DE10B7C6BF82} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DD794C88-5656-CD9D-4006-4B1319B5B981} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DE064CF5-809E-A243-CC14-F5427E5967A1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DF7066E9-8EE8-8682-F43E-2BF8E7E7D760} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E1259401-E429-8855-B814-BD6EF247346C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E24280F1-5872-DD80-6349-14510DFCB851} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E37E0653-669A-42A9-7EA2-CEC47AAF6D31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E4E0C452-0B6D-5B6B-E0AD-5D2B7C054116} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E5E59618-FEBB-174D-3A09-E2EF1B2CDA17} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E65FC41A-89B3-21B7-1EB6-E92DA3645370} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E7ABE5A8-D4A3-4BFE-769F-486F9C2ECDC7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E8A06DEA-6626-407D-5720-FE211C989AC1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E8C74323-6EAC-41DF-4232-E6575DCCE375} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E8D572F2-ADEF-B062-2E5A-573A092BD258} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EA8D55E4-50DB-BF83-81A8-FC5C2FA41AE7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EAC3A0EF-0931-C087-DD54-10E2CE664097} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EBB942DD-6CAD-83C9-BB7A-1A229122535B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EC1F3079-B552-372A-C22C-02C86B281422} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EC52F9A9-BFCA-611C-0CF2-D33A007A66FA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDB7FF48-2CC7-7131-A993-53C8F83DD550} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EE5F21BB-197A-041B-53A6-055C6B35DD91} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EE7118D1-F99F-AAF0-2F73-A1C63E7FE7B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EE743367-DD25-7646-8789-0FEEC66B36C0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EF0E2DA9-45A3-A38E-FA6A-8A14544A8BE4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EF4CB83E-BEF0-2DE3-F01E-55D0127FF3EA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F1E91259-92C0-8767-A2E0-85139867622A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F3267BA7-14CC-4368-6BFC-E59341D01507} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F4761F73-A09E-0085-A899-CE89E4EFC5B7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F802FEC2-BF51-3198-4339-747CCF253651} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F81F861E-BD6D-4CF2-2AC2-69DCF3E68324} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA3995AD-2D9D-2CC1-3A3B-1E594D7AF696} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA4880A8-EDFC-DB28-205E-F33B87557FF5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA6A8ADC-5ACF-A739-A8BF-5E4D7B5991C1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA986CDE-0FA2-33A9-ECFD-8291DFA81985} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB118E8B-875C-AD27-289B-C22A5B4AA454} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC8CAC2E-E32B-0FD0-16A5-10FEAEDA2D44} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC92C3DE-F786-C2A4-4565-359ECF140E14} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FD657148-CFF7-B0FA-3DF2-27DD4B37658F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FE0CF482-D7A9-BD18-0056-CF55E4EDD446} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FEB91C3C-480E-C2F8-6288-C37F038D2793} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FEC81D35-E086-4102-D235-8A516A66EB22} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF1518B7-D821-1BF0-0368-AD32CBCF17E0} -> Spyware.CoolWebSearch : Cleaned with backup
C:\DELL\DellNet Setup\Setup DellNet.exe/Dellnet.exe -> Heuristic.Win32.Dialer : Error during cleaning
:mozilla.6:C:\Documents and Settings\Hubbell\Application Data\Mozilla\Profiles\default\9qckublm.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Hubbell\Application Data\Mozilla\Profiles\default\9qckublm.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Richard\Application Data\Mozilla\Profiles\default\hbp46efy.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\WTEJ41AN\loader7[1].htm -> TrojanDownloader.VBS.Psyme.ap : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie
  • 0

#8
Taran_Walker
Posted 18 July 2005 - 12:38 PM

Taran_Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Sorry it cut off half of the ewido log here is the full log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 22:15:38, 17/07/2005
+ Report-Checksum: B2D1F7EB

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00564D9E-6D4B-1BA6-3369-3CA152EDA8CE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00AF6BF7-1C8A-2F68-11A6-3DD4FD5A3DED} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{01198741-DBE0-E6F4-9DBE-877B61FB1D1D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{02FFD786-624F-CC5B-7820-BCDEE66D486F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{031211BF-70AC-72ED-883D-C47AC7D80AB0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{031788DE-6282-F9CD-262A-AA22CDA2B068} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{03986A99-8487-BF06-A53A-7D6D4ED76483} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{04CB6006-AB79-1366-4EF1-BFF815B874EE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{04EDA6A5-3C09-E146-8F75-5684DDB4E2A7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07D80144-9372-FEAC-AEDD-21AE8732F067} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07FF232E-41D0-38A2-6073-6847AD3E6453} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09098A2E-29B4-D7AC-C8EC-1C448EBA69E3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09248DC7-285D-A208-7675-8D1BAC7208C9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09312E20-8C50-C241-742B-35F21EDA9875} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0AD1A770-F33D-516E-A6BD-A3AEB8568EAC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0ADEF183-C204-6BFB-2DA8-5C12061DE911} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0B58BEF4-C0D5-53BA-4F75-D23E40367540} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0B6BE68E-B55A-5883-3DBC-30D73208D3E7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0C5210E4-1BEF-9A5C-6EDA-012321DE19B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0E37D9E0-99E3-DA14-3197-60132338963E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0ECEBD98-802F-9B4D-7308-C983A18EDBEC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{120432D2-986E-D6C9-2056-A678827E97DD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{12094FCA-1EE9-6EE5-5B4B-4B1EDA5F575C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1323178D-09E3-B628-CC3A-95630B64B7DA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1486290A-90C1-388F-ADC8-6BFAA6B057E8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{18DF9808-F6C9-984B-EDE3-0B7624EC452A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1A5161CF-197C-FCC5-52C8-1AE7E0BB4A51} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1B2B1933-92B1-481C-EB27-35E36BF72B5B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1C57E571-0B87-8702-2AAF-E058D58BEE62} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D05B49E-CC14-E11C-706F-60066BD9D4C0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D232F9D-941D-5CD9-732F-8F6EC1977CF2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D3E7FA6-E393-C514-F461-E0B59435D825} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1DE20533-9118-BF9A-A6C6-F8E881A5FD4B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F46E851-7EAF-1A9B-E6B4-CCA46BD7BB86} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F6A3B74-3D40-4D48-4D55-E3A0A8029CC2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F846F72-8833-7B85-FBF7-B2D81D30AB82} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{20624CF4-3AF3-5A88-257F-7E0B78D56A51} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{208BD4D8-3DA2-3736-A8E6-F3AF3479FA31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{211D33BE-B506-603A-E0C1-E50E4D62779F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{21F8F0E0-D881-0FBC-CD1D-D1F30C3905B4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{226F74F7-94A2-FE96-7B23-B01DD29FD1E8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2402BAD1-2B03-B117-D0E4-9685436E0914} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{25ABB624-07B4-7709-119D-4C9FB375AB79} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2621D1BF-0A92-2D9C-E595-02A9C3F76F46} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{26DF6F6C-68C1-432E-7845-1CBFEF199116} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2760207D-F6BA-6516-0C1A-8C995844B1D4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{29CDA41A-A8EB-6A68-BBF5-2877418D55C7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{29F1D625-8BC0-9364-C57C-DB62035ABD50} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2A97DB56-E2B4-967C-AF9F-07FDF74289C2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2A9B7B46-3BB6-BB3C-9E0A-6C988B9DE22E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B284248-D0FE-C340-0D87-ABD55DD24BFA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B3E67AD-604C-9879-98F0-52FDEEAE4D63} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B5A2313-AE67-454E-9A8B-F74070E57F1B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2BFAB072-A3F3-0A97-6990-3673392B7DFC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2CAB7717-202B-8A26-BFD7-FA41EC47A745} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2CB60D9D-BA37-058C-7EA3-A52155F01235} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2D99FD34-F395-DFB0-0852-36D4976F6E3D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2FA09459-FBD9-B08C-81EF-6EA62F5DB101} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2FB10B1F-E342-08A1-CBAA-D4A2CD2ABAC6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{30C5202D-2CDD-8C6D-6CD3-86CBAC73988B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{30E36B0A-CA1D-18E7-7FD2-9BA91D4D1710} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{321EE590-67C6-6B11-CCA5-70323A77E2B6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{33EBB320-A2D5-6FD7-6D31-BA458C872ABD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{353933B6-2ECF-A0F1-F1EB-C0B9FE2EF168} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{35CDCE87-6BD6-878A-D4C9-24118A153D34} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3684B1D1-C737-AA3A-00B8-83FE7FF3C058} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{36A41F9E-B433-C078-89AE-486D2624C972} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3757D8EC-FD1D-A2F5-366B-C8C2FEE89B04} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{37E5E66E-C168-B55B-BE2E-8478ED77CD96} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38A09FC8-FCAF-3D1E-A6D6-FB0A0E2E2D98} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38BCC2CD-AF0A-EC41-D4CB-035F1C7378C9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38EA95B6-06DF-844E-6763-813A152D6F74} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3A044FBA-5DEF-1ECF-55E6-8A9DE3722CEC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3B9B5DF7-2AB9-16A6-4505-78AF14014B28} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3C2E0AC2-347B-07FF-761D-31083C460F98} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3CE36D52-D914-5BA5-C0E2-3F53AE992ABB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3D1F3C37-49CA-66D3-9877-04375ADE521D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3E8AEA49-2882-96D1-D4B0-D1EA3E4EEFD2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3EA8A165-1EE8-2BEF-A8D1-9CDBD760FC43} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3EB9E062-47DE-633E-02AB-4AC63DA507E3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3F18E16D-F794-AD29-32FD-2AA0E587716B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3F81823D-B4B4-C3D2-CE8E-E8BB4EF4D52F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{407FFCD2-654F-817E-A2EE-B535B9FBC95D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4095AAF5-BAD2-A97D-D64C-566A52E35C2E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{44CE9131-E13C-D36A-083A-FAFF61E866CA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{44FA143F-05A1-A796-536B-363BB7DC977C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{452C15DF-936D-C8CB-B825-97DD4A210ABD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{458710FC-EACF-AA54-F736-6EF18F0FE7C4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{47B70B6F-A6B0-230A-43C3-9F9B5C710209} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4822A81B-A35C-81CA-4B1E-595C44DF3F5E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{483C767C-E381-7083-FD10-379897AEDEFB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{491288EB-D314-5571-9C18-B1EAC89ADE09} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A210C09-C3AE-D36C-3EC5-0D7723985463} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A5DA6C7-CAFA-ADBE-1CBD-9DB325C4EB88} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4ABF050C-DD0D-52FF-DD7A-B315E8F9B10E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4AEDA6FC-6816-F03C-12F8-CDE056451F16} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4C1CBC17-3C15-343F-1E7C-D8F447935C05} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4DAC7D8D-9C1A-3965-E63E-6CDFBCD1EB33} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4E11A0FD-72A3-AEF3-D4E4-E168F75A238E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4FFB405E-2D99-7374-B6D3-F0CD9DC8744E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{50B9D537-5DB0-52B1-FF6F-ED6C70DA477E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{50C0BB70-6636-6313-EB71-E592B01EAF21} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{51F242CE-3A79-A2F0-3B9D-50A94CC69C30} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{52CA0FCE-F9E0-2125-6CA6-2627141A47E9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{55B26598-4EAA-795A-B6BE-E73AF3E66B1E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{569A8D32-0108-F6A7-6EE3-9094FC97B318} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{57E2A8F4-A957-3F30-9323-88485335C5DC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5932F9CB-E60E-11C7-5BA5-2CD8198CBDB4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{595B569B-A80C-DEE4-5AE6-7AF21D2B6F17} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{59935BC1-5F4B-96F1-F3B6-C6B36821D102} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5AEDA511-0157-5F17-AC3D-A3D8D05DFE0C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5B9A8BE3-69A5-661B-3BB5-FA99E29D5453} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5B9DD78B-6805-11A5-818B-723A508CBC0D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5E4566F7-825D-2817-0598-1949854654D5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5E51824C-52E0-D124-BFC7-DEAEE6504984} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F1C7FC6-359E-6D58-42B3-3E410DB4CADB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F4B11A7-C0A8-0B95-8741-481C8B0029E3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F574346-A206-D78A-7149-4C709D5204A4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{602C9652-36AF-DEC5-DE23-DB34295B6BA5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{63DCBFC8-9F1C-3DA5-A957-E5BCF32589B1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{64770A00-0C3B-BCEC-D32D-83EE61896228} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{64AB146B-0C39-DEC3-5AED-E2DA773C655F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66DEB589-B6D4-E95E-2E36-26287464CD11} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66F47DB1-18C4-9337-E85F-30B8B1DD594A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67654C62-B847-D47B-7386-202E338F4761} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{68005AEB-2632-F033-B29F-EA21C446CA22} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6A389597-708B-6F9D-B6EC-8D1A3EC9DFAF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6BE5CD97-C2FD-46BB-5C0A-9634487B916D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6C652E08-1C50-09D2-7DC8-0714DB258C39} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6D012127-ABB2-BF82-D02A-24CBBD599720} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{710D4788-B064-A3C4-EC29-A9E67ABEF953} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{72877DD4-A7A3-8B9D-DEB7-F09CC0629D54} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{735DDAC7-F8F1-47DD-D87A-6AF0100B6A48} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7656789A-ED76-CC21-B379-9B8792A5DDF6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7658C68E-7ED4-8476-AC96-729091012307} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{77845652-D4FE-D2AD-12FA-F27B477D9B31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{77CDFCA0-BA97-CA0C-618F-7AA1690AB92B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{78757FBB-7367-3BB1-0D47-0212285D9AEC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{78CA5367-0660-D7DE-5424-C4AD26542538} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{795714A8-C9C0-E8BD-30DB-A0DA3B603993} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7C36455F-C2B4-5BC0-575A-253825413F0C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7E2B347A-52AA-597F-9371-80822A8D1263} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7EFCA545-7AB8-61BF-D7DE-AEA89256912C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{817972EC-CAD1-C47C-A430-508B1E97DE0D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{81AE8953-3335-A1BB-5174-F82625372B4E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{821C8BB3-C516-BEE5-C6A4-ECF0D92BF426} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{821F62C3-1009-929C-3E89-5D066057B36D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{822904F6-6515-F4CA-FCA6-3DD79347C0E0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8388F6F7-C7DD-5A32-8A42-7938E184AA5E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{83CBE2FB-4038-4351-9B1C-E69BF75962AA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{841CB982-C366-4290-3F00-95A1A5F3C340} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8424A742-21C5-E92B-D6A5-2B565D796258} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{854F3880-4AA1-AF49-995D-6630908AFE8A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{85F1C7FC-7359-D6D5-C42B-F3E410DB4CAD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{86B29A5F-CB91-3C3D-28A2-EDA38C1F28A8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8735EBDB-E5CE-D8EC-D853-7210E5BC2584} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{88289CAD-8761-B286-1697-48C2E3A53747} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8A0B6039-9C48-66D5-8BFB-9F32F71C1612} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8A457F99-ED79-A514-B791-FCEC37E50B28} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8DFCBD6E-113A-2348-6A3E-397AD2C21017} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8E22B410-9A68-7588-EDE1-05BA98980E7E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8E883EC3-ABB5-0CD9-EC0A-78CB81A818D1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8EA257CF-EDDF-09CA-1536-29E313C464B0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8F6C5DE9-FDDF-569A-0A0F-FEF0E3957F0F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{91D36B11-7557-849E-10CC-AF26257149A8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{92854EC1-0623-4E3A-3993-F60435FEDF74} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9436A461-8EBA-8CCA-C8D5-98D6F786767A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{955B6DF6-295B-AD12-F4CD-B405B76306F9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9564CC48-05D0-7649-4D33-CBDCCFF9913B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9633E7CB-D24D-2353-E8EC-FCF820661F42} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{97E37285-B9D3-035E-821F-3EBE4F849C3D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{97FD03BF-2223-5BCC-0213-A97E0706011D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{98832348-0E38-D102-51A5-517934760119} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{988F33DF-14DB-9347-ED73-E0CDCC695426} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99B1E639-DCA2-2C21-013F-DEF4B5729CA9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A7083BD-566F-B299-344C-47ABCAB6F765} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A91EB6C-6B33-0933-42A8-1A1954F9B35F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9C060FC3-F4CE-894D-8EB7-FA3935CE5AA1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9C0FBA5F-3F3D-397E-15C0-85E3828D8424} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9C149FC6-86A5-C649-4760-9E20AC138BED} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9D7705A4-9543-9869-8249-F62AC961BDA5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E1455BA-AB98-5AEA-F11B-65367B604345} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E1E5C74-8A47-A3B8-9D79-4318AF0FE18F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9EDC0D8F-954E-A638-C240-D52042910A62} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F1D249D-1545-56CD-0C52-0C2EE115ABB1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9FF47B90-35D9-6F6F-3BC1-027BAA23833E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A229042B-0D56-44A6-85DB-13CF1C4E9FD6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A318BFD4-C3A4-E970-DD27-26C4F5F2AD25} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A4842560-CE4E-8858-6B28-E50CEB6F759E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A507C113-55E6-12CB-8EC0-BA8BE1F569B2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A52FA47B-BA50-C6CB-6B02-1F30CC46D589} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A5B3B4A7-6BD2-E7CE-E654-7A1D658D1BB3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A66A7703-9E5D-D32F-B86A-2B0EE436B436} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A66DF143-F487-E2C9-232E-3D99CC47A72F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A6BF9B01-2B57-89D9-AD1F-AF854374C992} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A8703447-9782-72D3-AA41-606A7E155CE5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A9629E20-9B59-1F5F-58AE-E699D9122E1F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A9BB7C1A-E63B-E0A9-63EB-7124FA52D1B0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AAC06F6E-F261-4E44-CF1D-B1EA9712EF4B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AAC3A456-1DE9-F1B9-912D-E57B58C8E083} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ABFF8236-DCBD-E17B-0A69-6FD85FA199FE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AE9146BD-F3E6-13D0-911B-0CF28B2B624B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEC0D087-CA0B-D7B9-0EE4-BFCC513BFC71} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEF3E64A-B4FC-FC2A-5EF9-4FC735F322D9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AF451484-05EA-655A-4EE7-4B4F9A677388} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AF6BCC5C-38B1-5871-226C-AC6482380057} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B063B761-34B8-42D9-CBCD-08B0A1D3E8D4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B2561711-375A-C5C2-DBF9-4F87C6CDEC0E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B30EFD56-F6AF-2F6B-C3AB-6571E5627F1F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B36D5282-D413-F545-CF79-A6CE970CFEBB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B4D50626-AAF0-64AC-F1D5-8A697DD0E515} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5423394-16FB-1F60-5AF9-6CAF30B35009} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B595A235-53A2-27D5-EFF6-D0208801D071} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B61BACAE-2CB6-EF24-C53E-8CA0B2907B91} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B6233EB3-872F-7898-F4A8-3F6A3BAA6D57} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B6E89CAB-169D-C0D8-F8D0-4EB58B02ABAB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B784881A-C236-6F52-D86B-285DC0FC4011} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B7F4D50B-EAC3-A3F3-769F-96194A8DECDE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B81896EA-E0AA-92AA-BF67-14B1C8C5A7E4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B91259B9-BE3B-D475-8861-62B879410E5E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B9E19DA8-10A7-4E21-2FBB-FDC66E0CC0B9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BA66EA91-C16C-D1A2-86DA-4CC1F4EF8C99} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BAA4A995-E881-38F6-1E95-AF9F2785FBB3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC0DC8BD-646D-FA46-8739-116B4F8B8228} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC0FE7F5-AD1D-A795-C683-F3EB54072EFE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BCE50D6B-B3E6-30B9-72AB-14B60D86EB35} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C151BF9B-FE85-EC38-A53B-AE4D2044C94E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C1CC71FF-8764-ADFB-036B-BD513D9AB830} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C21C6790-58A0-81BD-58F6-11EF55D9BADF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C2592E32-BC17-88BD-429F-D90632EDB3F1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C3802DB0-6240-6D7A-3197-2AC5C46F55B7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C3EAA18C-9344-C91C-7AEA-9FEE6792B86A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C53D27E6-2A68-7CD9-A09F-541EF27B2319} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C54510FE-72AA-27FF-1198-0CC47906F451} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C9368290-DE0B-80FF-0E2D-8933F6CA1A46} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAEA3DE4-DAC7-8DF9-1A53-651E63E86CDF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAF35453-A9AB-61D6-E032-1F6CE85168F3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAFF6042-9822-36A6-4764-C0BF5E59EF31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CBD8F541-0C17-2308-CE59-19ACBB1E7CB6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CC6A9DFF-521F-7DD3-E624-B30C0B9FF83A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CC6B2B65-2D60-CC2D-B4A6-7C0945964771} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CD01143E-9B70-CB99-C455-87936A69EFA2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CD0FD544-5710-E7D8-7CDF-35F3B6A22A9A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CD283BB0-5FEA-F204-BC88-8C3CA240315D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CDA7655D-27CA-4F67-07DB-DBE1FF31B073} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CE6391C4-346E-13E9-03A2-E8708CCA3B6A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CFEE94A2-6DC5-1DD4-6319-B8255C0DD757} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D1F6B196-AB9F-2B48-C708-0B7CEC5DA4F9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D4451521-F203-568E-2657-C5AD1F0B1F77} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D6036847-0CE9-CD98-8490-CBE09650BB49} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D80AA516-E153-738B-D9EF-24D6EAF3C13B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D83F0117-C7D8-20AF-2100-FD548A73684C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D990B9E1-F168-13E8-1A21-97D04D3C2F96} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DA826568-8230-C8BC-199C-3E738A0E5A48} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DB3FF0A6-7AD3-085E-3E59-A4318E82D4A8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DBC8BCC3-8C2E-707C-3D8D-72B88F17460E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DBE13E5D-7E11-2943-722B-C75B9A94EFED} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DCAC4288-4597-CC9C-88ED-6AFF6D21C6A6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DCF499B3-5BE2-6F3F-B6C8-FB0597F0FF79} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DD25AEF3-3DC7-625D-F3C6-DE10B7C6BF82} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DD794C88-5656-CD9D-4006-4B1319B5B981} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DE064CF5-809E-A243-CC14-F5427E5967A1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DF7066E9-8EE8-8682-F43E-2BF8E7E7D760} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E1259401-E429-8855-B814-BD6EF247346C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E24280F1-5872-DD80-6349-14510DFCB851} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E37E0653-669A-42A9-7EA2-CEC47AAF6D31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E4E0C452-0B6D-5B6B-E0AD-5D2B7C054116} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E5E59618-FEBB-174D-3A09-E2EF1B2CDA17} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E65FC41A-89B3-21B7-1EB6-E92DA3645370} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E7ABE5A8-D4A3-4BFE-769F-486F9C2ECDC7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E8A06DEA-6626-407D-5720-FE211C989AC1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E8C74323-6EAC-41DF-4232-E6575DCCE375} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E8D572F2-ADEF-B062-2E5A-573A092BD258} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EA8D55E4-50DB-BF83-81A8-FC5C2FA41AE7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EAC3A0EF-0931-C087-DD54-10E2CE664097} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EBB942DD-6CAD-83C9-BB7A-1A229122535B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EC1F3079-B552-372A-C22C-02C86B281422} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EC52F9A9-BFCA-611C-0CF2-D33A007A66FA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDB7FF48-2CC7-7131-A993-53C8F83DD550} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EE5F21BB-197A-041B-53A6-055C6B35DD91} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EE7118D1-F99F-AAF0-2F73-A1C63E7FE7B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EE743367-DD25-7646-8789-0FEEC66B36C0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EF0E2DA9-45A3-A38E-FA6A-8A14544A8BE4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EF4CB83E-BEF0-2DE3-F01E-55D0127FF3EA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F1E91259-92C0-8767-A2E0-85139867622A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F3267BA7-14CC-4368-6BFC-E59341D01507} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F4761F73-A09E-0085-A899-CE89E4EFC5B7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F802FEC2-BF51-3198-4339-747CCF253651} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F81F861E-BD6D-4CF2-2AC2-69DCF3E68324} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA3995AD-2D9D-2CC1-3A3B-1E594D7AF696} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA4880A8-EDFC-DB28-205E-F33B87557FF5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA6A8ADC-5ACF-A739-A8BF-5E4D7B5991C1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA986CDE-0FA2-33A9-ECFD-8291DFA81985} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB118E8B-875C-AD27-289B-C22A5B4AA454} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC8CAC2E-E32B-0FD0-16A5-10FEAEDA2D44} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC92C3DE-F786-C2A4-4565-359ECF140E14} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FD657148-CFF7-B0FA-3DF2-27DD4B37658F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FE0CF482-D7A9-BD18-0056-CF55E4EDD446} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FEB91C3C-480E-C2F8-6288-C37F038D2793} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FEC81D35-E086-4102-D235-8A516A66EB22} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF1518B7-D821-1BF0-0368-AD32CBCF17E0} -> Spyware.CoolWebSearch : Cleaned with backup
C:\DELL\DellNet Setup\Setup DellNet.exe/Dellnet.exe -> Heuristic.Win32.Dialer : Error during cleaning
:mozilla.6:C:\Documents and Settings\Hubbell\Application Data\Mozilla\Profiles\default\9qckublm.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Hubbell\Application Data\Mozilla\Profiles\default\9qckublm.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Richard\Application Data\Mozilla\Profiles\default\hbp46efy.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\WTEJ41AN\loader7[1].htm -> TrojanDownloader.VBS.Psyme.ap : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Taran\Application Data\Mozilla\Profiles\default\m6vnvy0g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Taran\Desktop\backups\backup-20050717-174541-426.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Taran\Desktop\backups\backup-20050717-211717-222.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Wendy\Application Data\Mozilla\Profiles\default\kkabsbcu.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Wendy\Application Data\Mozilla\Profiles\default\kkabsbcu.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Wendy\Application Data\Mozilla\Profiles\default\kkabsbcu.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00000534.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00000536.TXT -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\RECYCLER\NPROTECT\00000537.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00000539.TXT -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\RECYCLER\NPROTECT\00000547.TXT -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\RECYCLER\NPROTECT\00000548.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1131039932-650200917-53635222-1006\Dc10.rar/Gta Glyn.exe -> Backdoor.Prorat.19.i : Error during cleaning
C:\RECYCLER\S-1-5-21-1131039932-650200917-53635222-1006\Dc11.zip/Gta Glyn(1).rar/Gta Glyn.exe -> Backdoor.Prorat.19.i : Cleaned with backup
C:\RECYCLER\S-1-5-21-1131039932-650200917-53635222-1006\Dc276.exe -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1131039932-650200917-53635222-1006\Dc277.exe -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1131039932-650200917-53635222-1006\Dc278.exe -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1131039932-650200917-53635222-1006\Dc279.exe -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1131039932-650200917-53635222-1006\Dc280.exe -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1131039932-650200917-53635222-1006\Dc281.exe -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1131039932-650200917-53635222-1006\Dc282.exe -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1131039932-650200917-53635222-1006\Dc283.exe -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1131039932-650200917-53635222-1006\Dc284.exe -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1131039932-650200917-53635222-1006\Dc9.rar/Gta Glyn.exe -> Backdoor.Prorat.19.i : Cleaned with backup
C:\WINDOWS\aapto.txt:fzytb -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\aapto.txt:oakmu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\aapto.txt:pqkxl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ACSSetupLog.txt:djzai -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\ACSSetupLog.txt:fwpjv -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\ACSSetupLog.txt:gpvipf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ACSSetupLog.txt:jgumy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ACSSetupLog.txt:rgejh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ACSSetupLog.txt:rjcyw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ACSSetupLog.txt:tjbuo -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\Active Setup Log.txt:ecutt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Active Setup Log.txt:emfov -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\Active Setup Log.txt:lqeiv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Active Setup Log.txt:tufmd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ActiveSkin.INI:cyvfq -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ActiveSkin.INI:fkjum -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\ActiveSkin.INI:jbuwa -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\ActiveSkin.INI:nsydkr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ActiveSkin.INI:xkxbi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addaq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addfp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addgy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addhk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addns32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addon.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addps.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addrk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addwa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\akbkb.txt:jqzlg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\akbkb.txt:nsayk -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\akbkb.txt:okdle -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\akbkb.txt:pfeda -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\akbkb.txt:srhpr -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\alxoi.txt:balpl -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\alxoi.txt:dukku -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\alxoi.txt:jbrdc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\alxoi.txt:kqgal -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\alxoi.txt:nrhqm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\alxoi.txt:qemfi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\alxoi.txt:uypxo -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\aolback.exe.lnk:ebcfz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\aolback.exe.lnk:jlexk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\aolback.exe.lnk:mdgtt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\aolback.exe.lnk:tdorb -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\apibk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiif32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apikz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apilu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiml32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiro32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiuv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apivb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apphr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apphy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appig.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appkz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appnn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appop.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appqp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appsl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appss.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appui32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appvc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\arves.txt:eaastq -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\atlin.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlog.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlry.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atltx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlui32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\bejqf.txt:mrtgd -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\bejqf.txt:pnigs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\bejqf.txt:weufa -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\bejqf.txt:yjzqg -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\blwko.txt:jmywa -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\bslcf.txt:gcyxo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\bslcf.txt:hxlom -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\bslcf.txt:lzvka -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\bslcf.txt:ntvfm -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\btnrb.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\buejx.txt:agyvx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\buejx.txt:sguni -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\buejx.txt:uojgw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\buvtc.txt:bxmot -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\buvtc.txt:cdtpq -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\buvtc.txt:hpkkz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\buvtc.txt:kpwqar -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\buvtc.txt:mfxlu -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\buvtc.txt:nwvdv -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\byglv.txt:iowsj -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\byglv.txt:ioykq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\byglv.txt:m
  • 0

#9
Taran_Walker
Posted 18 July 2005 - 12:43 PM

Taran_Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Sorry again it is not the full scan i will attach it now here is the ewido scan attached

Attached Files


  • 0

#10
Buckeye_Sam
Posted 18 July 2005 - 05:13 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Boy that's a doozie! :tazz:

But it seems to have worked.


Click Start -> Run -> (type) services.msc

Scroll down and find the service called Workstation NetLogon Service When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.


Run Hijackthis and click on Open the Misc Tools section -> Delete an NT Service
Copy and paste this into the text box and click OK.

11Fßä#·ºÄÖ`I


Reboot and post a new hijackthis log.
  • 0

#11
Buckeye_Sam
Posted 02 August 2005 - 06:58 AM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP