[wxnil]

I followed the instructions in this post:

http://www.geekstogo...ork-t41281.html

Here are my logs:

Logfile of HijackThis v1.99.1
Scan saved at 8:35:28 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\rwcvwfz.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
C:\Documents and Settings\Kathy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [\\JEFF\EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P30 "\\JEFF\EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [jppypg] c:\windows\system32\rwcvwfz.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pcm: C:\PROGRA~1\INTERN~1\PLUGINS\NpCurMem.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Pinochle - http://download.game...nts/y/ut2_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

***********************************************************

Started Scanning
Internet Cookies
Found 'perf.overture.com' in 'Internet Explorer Cache'
Found 'about.com' in 'Internet Explorer Cache'
Found 'fastclick.net' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'advertising.com' in 'Internet Explorer Cache'
Found 'offeroptimizer.com' in 'Internet Explorer Cache'
Found 'abetterinternet.com' in 'Internet Explorer Cache'
Found 'cliks.org' in 'Internet Explorer Cache'
Found 'ads.addynamix.com' in 'Internet Explorer Cache'
Found 'ads.addynamix.com' in 'Internet Explorer Cache'
Found 'a.websponsors.com' in 'Internet Explorer Cache'
Found 'z1.adserver.com' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Found 'linksynergy.com' in 'Internet Explorer Cache'
Found '2o7.net' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'adknowledge.com' in 'Internet Explorer Cache'
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found 'azjmp.com' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'atdmt.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'servedby.advertising.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'maxserving.com' in 'Internet Explorer Cache'
Found 'trafficmp.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\iMesh'
Found '' in 'SOFTWARE\Classes\.imesh'
Found '' in 'SOFTWARE\Classes\.imusr'
Found '' in 'SOFTWARE\Classes\IMESH.Document'
Found '' in 'SOFTWARE\Classes\iMeshClient.DocHostUIHandler'
Found '' in 'SOFTWARE\Classes\iMeshClient.DocHostUIHandler\Clsid'
Found '' in 'SOFTWARE\Classes\IMUSR.Document'
Found '' in 'SOFTWARE\Classes\IMUSR.Document\shell\open\command'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh'
Found '' in 'SOFTWARE\iMesh\Client'
Found '' in 'SOFTWARE\iMesh\Client\Local'
Found '' in 'SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32'
Found '' in 'Software\intexp'
Found '' in 'Software\intexp\Config'
Found '' in 'Software\intexp\MyFileSystem2'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\IMIToolbar.BottomFrame.1'
Found '' in 'SOFTWARE\Classes\IMIToolbar.BottomFrame.1\CLSID'
Found '' in 'SOFTWARE\Classes\IMIToolbar.LeftFrame.1'
Found '' in 'SOFTWARE\Classes\IMIToolbar.LeftFrame.1\CLSID'
Found '' in 'SOFTWARE\Classes\IMIToolbar.PopupBrowser.1'
Found '' in 'SOFTWARE\Classes\IMIToolbar.PopupBrowser.1\CLSID'
Found '' in 'SOFTWARE\Classes\IMIToolbar.PopupWindow.1'
Found '' in 'SOFTWARE\Classes\IMIToolbar.PopupWindow.1\CLSID'
Found '' in 'SOFTWARE\Classes\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}'
Found '' in 'SOFTWARE\Classes\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}'
Found '' in 'SOFTWARE\Classes\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}'
Found '' in 'SOFTWARE\Classes\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}'
Found '' in 'SOFTWARE\Classes\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}'
Found '' in 'SOFTWARE\Classes\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{341FB59F-3507-443b-8147-423B4E3B2B15}'
Found '' in 'SOFTWARE\Classes\CLSID\{341FB59F-3507-443b-8147-423B4E3B2B15}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{341FB59F-3507-443b-8147-423B4E3B2B15}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{341FB59F-3507-443b-8147-423B4E3B2B15}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{341FB59F-3507-443b-8147-423B4E3B2B15}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\Interface\{030A8576-686B-479A-AF79-94B9FEA79BC5}'
Found '' in 'SOFTWARE\Classes\Interface\{030A8576-686B-479A-AF79-94B9FEA79BC5}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{030A8576-686B-479A-AF79-94B9FEA79BC5}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{030A8576-686B-479A-AF79-94B9FEA79BC5}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{1D22A25E-B181-4AEE-88FF-2209F7C24FCB}'
Found '' in 'SOFTWARE\Classes\Interface\{1D22A25E-B181-4AEE-88FF-2209F7C24FCB}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{1D22A25E-B181-4AEE-88FF-2209F7C24FCB}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{1D22A25E-B181-4AEE-88FF-2209F7C24FCB}\TypeLib'
Found '' in 'SOFTWARE\Classes\OESearch.OESearchHook'
Found '' in 'SOFTWARE\Classes\OESearch.OESearchHook.1'
Found '' in 'SOFTWARE\Classes\OESearch.OESearchHook.1\CLSID'
Found '' in 'SOFTWARE\Classes\OESearch.OESearchHook\CLSID'
Found '' in 'SOFTWARE\Classes\OESearch.OESearchHook\CurVer'
Found '' in 'SOFTWARE\Classes\TypeLib\{8594CB7B-5A4B-414C-B40F-6C42152B4D2B}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{8594CB7B-5A4B-414C-B40F-6C42152B4D2B}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{8594CB7B-5A4B-414C-B40F-6C42152B4D2B}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{8594CB7B-5A4B-414C-B40F-6C42152B4D2B}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{92A0BFEF-D370-4D4F-BA70-F0C0AFB19B9F}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{92A0BFEF-D370-4D4F-BA70-F0C0AFB19B9F}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{92A0BFEF-D370-4D4F-BA70-F0C0AFB19B9F}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{92A0BFEF-D370-4D4F-BA70-F0C0AFB19B9F}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{ECC4AB37-565F-4424-8802-E4BC7766BA58}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{ECC4AB37-565F-4424-8802-E4BC7766BA58}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{ECC4AB37-565F-4424-8802-E4BC7766BA58}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{ECC4AB37-565F-4424-8802-E4BC7766BA58}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\Update.Redirector'
Found '' in 'SOFTWARE\Classes\Update.Redirector.1'
Found '' in 'SOFTWARE\Classes\Update.Redirector.1\CLSID'
Found '' in 'SOFTWARE\Classes\Update.Redirector\CLSID'
Found '' in 'SOFTWARE\Classes\Update.Redirector\CurVer'
Found 'InstallDay' in 'Software\intexp\Config'
Found 'KeywordMatch' in 'Software\intexp\Config'
Found 'LogUrl' in 'Software\intexp\Config'
Found 'SystemDate' in 'Software\intexp\Config'
Found 'SystemID' in 'Software\intexp\MyFileSystem2'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\Wbho.Band.1'
Found '' in 'SOFTWARE\Classes\Wbho.Band.1\CLSID'
Found '' in 'SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/VBouncer/INSTALL.LOG'
Found 'Win Server Updt' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0\0'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\Programmable'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\Implemented Categories\{00021494-0000-0000-C000-000000000046}'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\Implemented Categories'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\Programmable'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\Implemented Categories\{00021493-0000-0000-C000-000000000046}'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\Implemented Categories'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}\Programmable'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}\Programmable'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}\TypeLib'
Found '' in 'SOFTWARE\MyWebSearch'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall'
Found '' in 'SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin'
Found '' in 'SOFTWARE\FunWebProducts'
Found '' in 'SOFTWARE\FocusInteractive'
Found '' in 'SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}'
Found '' in 'SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}'
Found '' in 'SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}'
Found '' in 'SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}'
Found '' in 'SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}'
Found '' in 'SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}'
Found '' in 'SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1'
Found '' in 'SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller'
Found '' in 'SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1'
Found '' in 'SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin'
Found '' in 'SOFTWARE\Classes\MyWebSearch.OutlookAddin.1'
Found '' in 'SOFTWARE\Classes\MyWebSearch.OutlookAddin'
Found '' in 'SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1'
Found '' in 'SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl'
Found '' in 'SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1'
Found '' in 'SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton'
Found '' in 'SOFTWARE\Classes\FunWebProducts.HTMLMenu.2'
Found '' in 'SOFTWARE\Classes\FunWebProducts.HTMLMenu.1'
Found '' in 'SOFTWARE\Classes\FunWebProducts.HTMLMenu'
Found '' in 'SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}'
Found '' in 'SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}'
Found '' in 'SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}'
Found '' in 'SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}'
Found '' in 'SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}'
Found '' in 'SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}'
Found '' in 'SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}'
Found '' in 'SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}'
Found '' in 'SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}'
Found '' in 'SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}'
Found '' in 'SOFTWARE\Classes\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}'
Found '' in 'Software\MyWebSearch'
Found '' in 'SOFTWARE\Fun Web Products'
Found 'LoadBehavior' in 'SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin'
Found 'FriendlyName' in 'SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin'
Found 'Description' in 'SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin'
Found 'LoadBehavior' in 'SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin'
Found 'FriendlyName' in 'SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin'
Found 'Description' in 'SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin'
Found '{825CF5BD-8862-4430-B771-0C15C5CA8DEF}' in 'Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
Found 'iebar' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform'
Found 'Search Bar' in 'Software\Microsoft\Internet Explorer\Main'
Found 'Search Page' in 'Software\Microsoft\Internet Explorer\Main'
Found '' in 'SOFTWARE\Classes\Remove'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}'
Found '' in 'SOFTWARE\Classes\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\0'
Found '' in 'SOFTWARE\Classes\AppID\LoaderX.EXE'
Found '' in 'SOFTWARE\Classes\AppID\{735C5A0C-F79F-47A1-8CA1-2A2E482662A8}'
Found 'AppID' in 'SOFTWARE\Classes\AppID\LoaderX.EXE'
Found '' in 'Wbho.Band.1'
Found '' in 'CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}'
Found '' in 'IMIToolbar.PopupBrowser.1'
Found '' in 'CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}'
Found '' in 'IMIToolbar.LeftFrame.1'
Found '' in 'IMIToolbar.BottomFrame.1'
Found '' in 'CLSID\{F3155057-4C2C-4078-8576-50486693FD49}'
Found '' in 'IMIToolbar.PopupWindow.1'
Found '' in 'CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}'
Found '' in 'Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}'
Found '' in 'TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}'
Found '' in 'Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}'
Found '' in 'Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}'
Found '' in 'Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}'
Found '' in 'Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}'
Found '' in 'Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}'
Found '' in 'CLSID\{F3155057-4C2C-4078-8576-50486693FD49}'
Found 'Win Server Updt' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Found 'Search Bar' in 'Software\Microsoft\Internet Explorer\Main'
Found '' in 'AppID\{735C5A0C-F79F-47A1-8CA1-2A2E482662A8}'
Found '' in 'AppID\LoaderX.EXE'
Found '' in 'TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}'
Found '' in 'Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\WINDOWS\SYSTEM32\FLEOK'
Found 'kill all spywareadsfadsf123.ico' in 'C:\WINDOWS\SYSTEM32'
Found 'EECH1.bsx' in 'C:\WINDOWS\cfgmgr52'
Found 'SPZ3.bsx' in 'C:\WINDOWS\cfgmgr52'
Found '' in 'C:\Program Files\Lycos'
Found '' in 'C:\Program Files\Lycos\Sidesearch'
Found '' in 'C:\Program Files\eZula'
Found 'rwds.rst' in 'C:\Program Files\eZula'
Found 'param.ez' in 'C:\Program Files\eZula'
Found 'legend.lgn' in 'C:\Program Files\eZula'
Found 'genun.ez' in 'C:\Program Files\eZula'
Found 'basis.pu' in 'C:\Program Files\eZula'
Found '' in 'C:\Program Files\eZula\Images'
Found 'spacer.gif' in 'C:\Program Files\eZula\Images'
Found 'Side_Top.gif' in 'C:\Program Files\eZula\Images'
Found 'arrow1.gif' in 'C:\Program Files\eZula\Images'
Found 'arrow2.gif' in 'C:\Program Files\eZula\Images'
Found 'button_small.gif' in 'C:\Program Files\eZula\Images'
Found 'icon.gif' in 'C:\Program Files\eZula\Images'
Found 'Layer_Bottom.gif' in 'C:\Program Files\eZula\Images'
Found 'Layer_Center.gif' in 'C:\Program Files\eZula\Images'
Found 'Layer_Top.gif' in 'C:\Program Files\eZula\Images'
Found 'new.gif' in 'C:\Program Files\eZula\Images'
Found 'PopUp_Follow_divider.gif' in 'C:\Program Files\eZula\Images'
Found 'PopUp_Follow_Left.gif' in 'C:\Program Files\eZula\Images'
Found 'PopUp_Follow_Off.gif' in 'C:\Program Files\eZula\Images'
Found 'PopUp_Follow_On.gif' in 'C:\Program Files\eZula\Images'
Found 'PopUp_Follow_Right.gif' in 'C:\Program Files\eZula\Images'
Found 'PopUp_Top.gif' in 'C:\Program Files\eZula\Images'
Found 'PopUp_Top_Bottom.gif' in 'C:\Program Files\eZula\Images'
Found 'Side_B.gif' in 'C:\Program Files\eZula\Images'
Found 'Side_L.gif' in 'C:\Program Files\eZula\Images'
Found 'Side_R.gif' in 'C:\Program Files\eZula\Images'
Found '' in 'C:\Program Files\FunWebProducts'
Found '' in 'C:\Program Files\FunWebProducts\Shared'
Found '' in 'C:\Program Files\MyWebSearch'
Found '' in 'C:\Program Files\MyWebSearch\bar'
Found '' in 'C:\Program Files\AutoUpdate'
Found 'libexpat.dll' in 'C:\Program Files\AutoUpdate'
Found '334F7F49-DCD6-40E2-891D-18FD17' in 'C:\Program Files\Microsoft AntiSpyware\Quarantine\1F466BF0-2337-4D93-ACC5-45D550'
Found '13E9BEFF-3100-426C-BB47-D52A99' in 'C:\Program Files\Microsoft AntiSpyware\Quarantine\1F466BF0-2337-4D93-ACC5-45D550'
Found 'D1B107E1-4B95-48B2-8647-F734E0' in 'C:\Program Files\Microsoft AntiSpyware\Quarantine\1F466BF0-2337-4D93-ACC5-45D550'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Unable to delete registry value 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win Server Updt'. Error=2.
Checking for 'C:\WINDOWS\SYSTEM32\FLEOK' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\FLEOK' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\FLEOK'
Checking for 'C:\WINDOWS\SYSTEM32\kill all spywareadsfadsf123.ico' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\kill all spywareadsfadsf123.ico' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\kill all spywareadsfadsf123.ico'
Checking for 'C:\WINDOWS\cfgmgr52\EECH1.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\cfgmgr52\EECH1.bsx' in startup areas.
Cleaning 'C:\WINDOWS\cfgmgr52\EECH1.bsx'
Checking for 'C:\WINDOWS\cfgmgr52\SPZ3.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\cfgmgr52\SPZ3.bsx' in startup areas.
Cleaning 'C:\WINDOWS\cfgmgr52\SPZ3.bsx'
Checking for 'C:\Program Files\Lycos' in shortcut areas.
Checking for 'C:\Program Files\Lycos' in startup areas.
Cleaning 'C:\Program Files\Lycos'
Checking for 'C:\Program Files\Lycos\Sidesearch' in shortcut areas.
Checking for 'C:\Program Files\Lycos\Sidesearch' in startup areas.
Cleaning 'C:\Program Files\Lycos\Sidesearch'
[SCANMODS] The file 'C:\Program Files\Lycos\Sidesearch' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula' in shortcut areas.
Checking for 'C:\Program Files\eZula' in startup areas.
Cleaning 'C:\Program Files\eZula'
Checking for 'C:\Program Files\eZula\version.vrn' in shortcut areas.
Checking for 'C:\Program Files\eZula\version.vrn' in startup areas.
Cleaning 'C:\Program Files\eZula\version.vrn'
Checking for 'C:\Program Files\eZula\upgrade.vrn' in shortcut areas.
Checking for 'C:\Program Files\eZula\upgrade.vrn' in startup areas.
Cleaning 'C:\Program Files\eZula\upgrade.vrn'
Checking for 'C:\Program Files\eZula\rwds.rst' in shortcut areas.
Checking for 'C:\Program Files\eZula\rwds.rst' in startup areas.
Cleaning 'C:\Program Files\eZula\rwds.rst'
Checking for 'C:\Program Files\eZula\param.ez' in shortcut areas.
Checking for 'C:\Program Files\eZula\param.ez' in startup areas.
Cleaning 'C:\Program Files\eZula\param.ez'
Checking for 'C:\Program Files\eZula\legend.lgn' in shortcut areas.
Checking for 'C:\Program Files\eZula\legend.lgn' in startup areas.
Cleaning 'C:\Program Files\eZula\legend.lgn'
Checking for 'C:\Program Files\eZula\genun.ez' in shortcut areas.
Checking for 'C:\Program Files\eZula\genun.ez' in startup areas.
Cleaning 'C:\Program Files\eZula\genun.ez'
Checking for 'C:\Program Files\eZula\basis.rst' in shortcut areas.
Checking for 'C:\Program Files\eZula\basis.rst' in startup areas.
Cleaning 'C:\Program Files\eZula\basis.rst'
Checking for 'C:\Program Files\eZula\basis.pu' in shortcut areas.
Checking for 'C:\Program Files\eZula\basis.pu' in startup areas.
Cleaning 'C:\Program Files\eZula\basis.pu'
Checking for 'C:\Program Files\eZula\basis.kwd' in shortcut areas.
Checking for 'C:\Program Files\eZula\basis.kwd' in startup areas.
Cleaning 'C:\Program Files\eZula\basis.kwd'
Checking for 'C:\Program Files\eZula\basis.dst' in shortcut areas.
Checking for 'C:\Program Files\eZula\basis.dst' in startup areas.
Cleaning 'C:\Program Files\eZula\basis.dst'
Checking for 'C:\Program Files\eZula\Images\spacer.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\spacer.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\spacer.gif'
Checking for 'C:\Program Files\eZula\Images\Side_Top.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Side_Top.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Side_Top.gif'
Checking for 'C:\Program Files\eZula\Images\arrow1.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\arrow1.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\arrow1.gif'
Checking for 'C:\Program Files\eZula\Images\arrow2.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\arrow2.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\arrow2.gif'
Checking for 'C:\Program Files\eZula\Images\button_small.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\button_small.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\button_small.gif'
Checking for 'C:\Program Files\eZula\Images\icon.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\icon.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\icon.gif'
Checking for 'C:\Program Files\eZula\Images\Layer_Bottom.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Layer_Bottom.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Layer_Bottom.gif'
Checking for 'C:\Program Files\eZula\Images\Layer_Center.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Layer_Center.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Layer_Center.gif'
Checking for 'C:\Program Files\eZula\Images\Layer_Top.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Layer_Top.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Layer_Top.gif'
Checking for 'C:\Program Files\eZula\Images\new.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\new.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\new.gif'
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_divider.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_divider.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Follow_divider.gif'
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_Left.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_Left.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Follow_Left.gif'
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_Off.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_Off.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Follow_Off.gif'
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_On.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_On.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Follow_On.gif'
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_Right.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_Right.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Follow_Right.gif'
Checking for 'C:\Program Files\eZula\Images\PopUp_Top.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Top.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Top.gif'
Checking for 'C:\Program Files\eZula\Images\PopUp_Top_Bottom.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Top_Bottom.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Top_Bottom.gif'
Checking for 'C:\Program Files\eZula\Images\Side_B.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Side_B.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Side_B.gif'
Checking for 'C:\Program Files\eZula\Images\Side_L.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Side_L.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Side_L.gif'
Checking for 'C:\Program Files\eZula\Images\Side_R.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Side_R.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Side_R.gif'
Checking for 'C:\Program Files\eZula\INSTALL.LOG' in shortcut areas.
Checking for 'C:\Program Files\eZula\INSTALL.LOG' in startup areas.
Cleaning 'C:\Program Files\eZula\INSTALL.LOG'
Checking for 'C:\Program Files\eZula\rwds.rst' in shortcut areas.
Checking for 'C:\Program Files\eZula\rwds.rst' in startup areas.
Cleaning 'C:\Program Files\eZula\rwds.rst'
[SCANMODS] The file 'C:\Program Files\eZula\rwds.rst' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\param.ez' in shortcut areas.
Checking for 'C:\Program Files\eZula\param.ez' in startup areas.
Cleaning 'C:\Program Files\eZula\param.ez'
[SCANMODS] The file 'C:\Program Files\eZula\param.ez' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\legend.lgn' in shortcut areas.
Checking for 'C:\Program Files\eZula\legend.lgn' in startup areas.
Cleaning 'C:\Program Files\eZula\legend.lgn'
[SCANMODS] The file 'C:\Program Files\eZula\legend.lgn' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\genun.ez' in shortcut areas.
Checking for 'C:\Program Files\eZula\genun.ez' in startup areas.
Cleaning 'C:\Program Files\eZula\genun.ez'
[SCANMODS] The file 'C:\Program Files\eZula\genun.ez' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\basis.pu' in shortcut areas.
Checking for 'C:\Program Files\eZula\basis.pu' in startup areas.
Cleaning 'C:\Program Files\eZula\basis.pu'
[SCANMODS] The file 'C:\Program Files\eZula\basis.pu' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images' in startup areas.
Cleaning 'C:\Program Files\eZula\Images'
[SCANMODS] The file 'C:\Program Files\eZula\Images' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\spacer.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\spacer.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\spacer.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\spacer.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\Side_Top.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Side_Top.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Side_Top.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\Side_Top.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\arrow1.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\arrow1.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\arrow1.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\arrow1.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\arrow2.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\arrow2.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\arrow2.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\arrow2.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\button_small.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\button_small.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\button_small.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\button_small.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\icon.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\icon.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\icon.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\icon.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\Layer_Bottom.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Layer_Bottom.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Layer_Bottom.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\Layer_Bottom.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\Layer_Center.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Layer_Center.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Layer_Center.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\Layer_Center.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\Layer_Top.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Layer_Top.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Layer_Top.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\Layer_Top.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\new.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\new.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\new.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\new.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_divider.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_divider.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Follow_divider.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\PopUp_Follow_divider.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_Left.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_Left.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Follow_Left.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\PopUp_Follow_Left.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_Off.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_Off.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Follow_Off.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\PopUp_Follow_Off.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_On.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_On.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Follow_On.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\PopUp_Follow_On.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_Right.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Follow_Right.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Follow_Right.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\PopUp_Follow_Right.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\PopUp_Top.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Top.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Top.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\PopUp_Top.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\PopUp_Top_Bottom.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\PopUp_Top_Bottom.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\PopUp_Top_Bottom.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\PopUp_Top_Bottom.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\Side_B.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Side_B.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Side_B.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\Side_B.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\Side_L.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Side_L.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Side_L.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\Side_L.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\eZula\Images\Side_R.gif' in shortcut areas.
Checking for 'C:\Program Files\eZula\Images\Side_R.gif' in startup areas.
Cleaning 'C:\Program Files\eZula\Images\Side_R.gif'
[SCANMODS] The file 'C:\Program Files\eZula\Images\Side_R.gif' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\FunWebProducts' in shortcut areas.
Checking for 'C:\Program Files\FunWebProducts' in startup areas.
Cleaning 'C:\Program Files\FunWebProducts'
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\temp.html' in shortcut areas.
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\temp.html' in startup areas.
Cleaning 'C:\Program F

[Advertisements]

Hello and welcome!

Please print these instructions out, or write them down, as you can't read them during the fix. Be sure to ask any questions before proceeding the fix.

First;

Please download Ewido Security Suite it is a free version of the program.

• Install Ewido Security Suite
• When installing, under "Additional Options" uncheck..
  • Install background guard
  • Install scan via context menu
• Launch Ewido, there should be an icon on your desktop, double-click it.
• The program will now open to the main screen.
• When you run Ewido for the first time, you will get a warning "Database could not be found!" Click OK. We will fix this in a moment.
  
• You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
• The update will start and a progress bar will show the updates being installed.
  (the status bar at the bottom will display "Update successful")
• Exit Ewido. DO NOT run a scan yet.

If you are having problems with the updater, you can use this link to manually update Ewido.
ewido manual updates

Download CCleaner and install it, but do not run it yet.

Please download this file: Revised Installer for the Nailfix Utility
Save it to your desktop.
DO NOT run it yet.

To reboot into Safe Mode with Windows XP, you can follow these steps from Microsoft;

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click on Nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open Ewido and do a scan of your system.

• Click on scanner
• Click on Complete System Scan and the scan will begin.
• NOTE; During some scans with Ewido it is finding cases of false positives.**
  • You will need to step through the process of cleaning files one-by-one.
  • If Ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found, select none for now as the action.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.

Now run HijackThis, click Scan, check the following objects for removal;

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [jppypg] c:\windows\system32\rwcvwfz.exe r

Close any other open windows and/or open browsers, making sure that only HiJackThis is running at that time. Make sure that the above mentioned objects are all checked, then hit "Fix Checked". Exit HJT.
NOTE; The 04 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always in in a single letter r.

Using Windows Explorer, locate the following file and delete if present;
c:\windows\system32\rwcvwfz.exe (It must be named as the 04 when fixed in HJT.)

Now run CCleaner.

• Uncheck "Cookies" under "Internet Explorer".
• If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
• Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.

REBOOT!!
Boot up into normal mode, run a new scan with HiJackThis & post the fresh log here along with the log from Ewido using Add Reply.

- Rawe

[Rawe]

Hello and welcome!

Please print these instructions out, or write them down, as you can't read them during the fix. Be sure to ask any questions before proceeding the fix.

First;

Please download Ewido Security Suite it is a free version of the program.

• Install Ewido Security Suite
• When installing, under "Additional Options" uncheck..
  • Install background guard
  • Install scan via context menu
• Launch Ewido, there should be an icon on your desktop, double-click it.
• The program will now open to the main screen.
• When you run Ewido for the first time, you will get a warning "Database could not be found!" Click OK. We will fix this in a moment.
  
• You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
• The update will start and a progress bar will show the updates being installed.
  (the status bar at the bottom will display "Update successful")
• Exit Ewido. DO NOT run a scan yet.

If you are having problems with the updater, you can use this link to manually update Ewido.
ewido manual updates

Download CCleaner and install it, but do not run it yet.

Please download this file: Revised Installer for the Nailfix Utility
Save it to your desktop.
DO NOT run it yet.

To reboot into Safe Mode with Windows XP, you can follow these steps from Microsoft;

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click on Nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open Ewido and do a scan of your system.

• Click on scanner
• Click on Complete System Scan and the scan will begin.
• NOTE; During some scans with Ewido it is finding cases of false positives.**
  • You will need to step through the process of cleaning files one-by-one.
  • If Ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found, select none for now as the action.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.

Now run HijackThis, click Scan, check the following objects for removal;

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [jppypg] c:\windows\system32\rwcvwfz.exe r

Close any other open windows and/or open browsers, making sure that only HiJackThis is running at that time. Make sure that the above mentioned objects are all checked, then hit "Fix Checked". Exit HJT.
NOTE; The 04 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always in in a single letter r.

Using Windows Explorer, locate the following file and delete if present;
c:\windows\system32\rwcvwfz.exe (It must be named as the 04 when fixed in HJT.)

Now run CCleaner.

• Uncheck "Cookies" under "Internet Explorer".
• If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
• Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.

REBOOT!!
Boot up into normal mode, run a new scan with HiJackThis & post the fresh log here along with the log from Ewido using Add Reply.

- Rawe

[Rawe]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.