Hi TampaBelle!
8:53 AM 9/22/05
Yesterday in order to access my system, I eventually in desperation had to resort to running some of my anti-malware programs. I dumped my Recycle Bin & did a full scan with Ad-AwareSE, followed by a scan with Spybot S&D, letting them quarantine & remove all fixable items. Spybot reported it could not remove one file as it was in ?use/memory?. This regained 'limited' use of the computer, letting me sign on and switch users to my regular WinXP 'User' account..... But I still could not close Windows normally...getting a repeated !Error message while 'something' kept trying to install itself. I just kept hitting Alt+F4 until I could press the power-off switch.
Here is printout of your instructions, with actions taken & reactions; & notes of differences discovered. Note that several of the files etc you advised to delete, had apparently already already been 'killed' by the AdAwareSE & Spybot processing mentioned above.
******
NOTE: PRINTOUT OF NEW GEEKStoGO INSTRS: in email fm tampabelle
>>> Each step followed with notes as added, indicated by '>>>' marks under instructions.
Please print out these instructions or copy them into a text file on your Desktop for easy access.
During the fix, u will be asked to fix some entries, delete some files or uninstall some programs. If in case, you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed. In case you have some of the programs already downloaded, then you can use the already downloaded programs. However you may need to update the files in some of the case (like Ewido).
1. Download Programs
Please download these programs and save them in a new folder on your desktop -
CleanUp -
http://www.geekstogo...tion=show&id=49 rbkiller.exe -
http://www.wildersse...ds/rbkiller.exe FxISTBar.exe -
http://securityrespo...er/FxIstbar.exe Ewido Security Suite -
http://www.ewido.net/en/download/ >>> Done. Already had Ewido (ran up date) & Cleanup.
Install Ewido, and update the definitions to the newest files. Do NOT run a scan yet.
2. Remove Infections
Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).
Run FxISTBar.exe
>>> "Adwar.Istbar has not been found on your computer"
>>> (Possibly removed by AdwareSE scan...) Note: Took ~45 mins...thorough!
Run rbkiller.exe
>>> "No RapidBlaster processes detected" Note: Took 3 seconds!
Run Ewido full scan. Let it fix any items it finds.
>>> ~55 mins: 115 infected objs
>>> Cleaned 107, then gave "Warning: The file "C:\Docs and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\K17VYREP\ysb_pictures[1].cab/YSBactivex.dll"
cannot be removed because it is embedded in the archive "C:\Docs and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\K17VYREP\ysb_pictures[1].cab" Do you want to remove the whole archive?
[Yes] [No]...took [Yes]
>>> Scan & clean completed, took 'save report'
>>> Scan Report_20050922 saved in Reports folder of Ewido Suite folder
>>> Pasted onto bottom of this.
3. Run Hijack This
Run Hijack This and click on scan. The following items need to be fixed -
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
>>> "Default URLSearchHook is missing" Clicked box anyway.
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [uBIVHfEqQ] C:\WINDOWS\wkfglxc.exe
>>> 5 above files not found
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
>>> Present; checked box
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\InternetOptimizer\optimize.exe"
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Rzuenb.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [nstkbmd] C:\WINDOWS\nstkbmd.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Ereits.exe
>>> 6 above files not found
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
http://www.ysbweb.co...sb_pictures.cabO16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) -
http://www.180search...com/180saax.cab>>> 2 above files not found. Note: checked carefully & rechecked for these names & any variants!
Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.
>>> Did: 2 items fixed
4. Delete Rogue files
Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -
180 Solutions
Uninstall180 search assistant
Your Site Bar
>>> Above 3 not found.
Surf Accuracy
>>> Found: Clicked on; Info window opened: Size -0.14Mb Used: rarely
clicked 'Change/remove button': "Uninstaller error - An error occurred while trying to remove Surf Accuracy. It may have already been uninstalled. Would you like to remove Surf Accuracy from the Remove Program list? Took 'Yes'. Note: check later for 0.14 Mb file!!
Internet Optimizer
Power Scan
>>> Above 2 not found.
Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -
Folders
c:\program files\180searchassistant\saishook.dll
C:\Program Files\YourSiteBar\ysb.dll
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Power Scan\powerscan.exe
>>> Only 'SurfAccuracy' folder was present - took 'Shift+Del', to bypass Recycle Bin; Deleted. (Folder contained 3 files...names not noted)
Files
C:\WINDOWS\nem220.dll
C:\WINDOWS\wkfglxc.exe
C:\WINDOWS\nstkbmd.exe
>>> Did 'Search' in WINDOWS: above 3 none found
C:\WINDOWS\system32\Rzuenb.exe
>>> Search in WINDOWS Found 'RZUENB.exe-1FAF3466.pf' but in C:\WINDOWS\Prefetch folder (29Kb). Did not delete. Should it be??
C:\WINDOWS\system32\Ereits.exe
>>> Re 'Ereits.exe'
Search for 'Ereits' in Windows folder found 17 files:
In C:\WINDOWS\Prefetch:
EREITS.EXE-05A0E918.pf (31KB PF file)
And in C:\WINDOWS\system32:
Ereits (224KB Application) (Mouseover Info shows Description: Redirect MFC Application)
Ereitsdk (1KB XML document) ( " " shows only 'Type: XML Doc'; ditto all below)
Ereitsk (490KB XML document)
Ereitsk1 (390KB XML document)
Ereitsk2 (265KB XML document)
Ereitsu (1,837KB XML document)
Ereitsu1 (1,405KB XML document)
Ereitsu2 (1,210KB XML document)
Ereitsu3 (18KB XML document)
NewEreitsk (25KB XML document)
NewEreitsk1 (15KB XML document)
NewEreitsk2 (14KB XML document)
NewEreitstime (1KB XML document)
NewEreitsu (139KB XML document)
NewEreitsu1 (95KB XML document)
NewEreitsu2 (74KB XML document)
>>> Following instructions 'to the letter', deleted only the 'Ereits' Appl file. (Shift+Del)
>>> Note: if other 16 files are not required, would prefer to delete ALL completely (disk space, & sense of well-being!) Would it be safe, wise & prudent to do so??
Run CleanUp and delete all temp files including temporary internet files
>> Done. Noted "Run MRU list removed from registry. Telnet's MRU list removed from registry. Recovered 90.4 Mb of disk space from 6507 files"
Reboot the PC in Normal Mode.
Run Hijack This and post a fresh HJT log along with Ewido scan report.
^^^^^^^^^^^^^^^^^^^^ HIJACK THIS REPORT FOLLOWS ^^^^^^^^^^^^^^^^^^^^^^
Logfile of HijackThis v1.99.1
Scan saved at 1:32:56 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Ewido Security Suite35\ewidoctrl.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program DLs\Hijack This\hijackthisAPP\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://qus8l.hpwis.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0
\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!
\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2
\yt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft
Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: Yahoo! Poker -
http://download.game...nts/y/pt3_x.cabO16 - DPF: Yahoo! Pyramids -
http://download.game...ts/y/pyt1_x.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) -
https://support.micr...ActiveX/odc.cabO16 - DPF: {49232000-16E4-426C-A231-62846947304B} -
http://ipgweb.cce.hp...ads/sysinfo.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
http://ipgweb.cce.hp...oads/msxml4.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabO20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec
AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Security Suite35\ewidoctrl.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
^^^^^^^^^^^^^^^^^^^^ EWIDO SCAN REPORT FOLLOWS ^^^^^^^^^^^^^^^^^^^^^^^
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:55:28 AM, 9/22/2005
+ Report-Checksum: 47823509
+ Scan result:
HKLM\SOFTWARE\dealhelper -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\dealhelper\KeyWord -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dealhelper -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historysearch -> Spyware.ISTBar : Error during cleaning
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\0\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\0\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\0\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\0\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\1\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\10 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\10\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\10\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\10\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\11 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\11\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\11\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\11\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\11\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\2\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\2\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\2\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\2\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\3 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\3\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\3\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\3\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\4 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\4\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\4\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\4\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\5 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\5\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\5\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\5\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\6 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\6\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\6\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\6\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\7 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\7\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\7\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\7\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\7\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\8 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\8\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\8\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\8\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\9 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\9\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\9\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\9\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\A -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\A\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\B -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\B\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\B\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\B\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\C -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\C\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\C\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\D -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\D\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\D\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\D\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\E -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\E\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\E\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\E\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\F -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\F\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\F\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?
#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
\#Wave\Device Parameters\Mixer\F\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKU\S-1-5-21-3403482629-370423927-1386743413-1008
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer
: Cleaned with backup
HKU\S-1-5-21-3403482629-370423927-1386743413-1008
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar :
Cleaned with backup
HKU\S-1-5-21-3403482629-370423927-1386743413-1008
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410CDE-6F16-42CE-9D49-3807F78F0287} -> Spyware.Zango : Cleaned
with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf
[email protected][1].txt -> Spyware.Cookie.Yieldmanager :
Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf
[email protected][2].txt -> Spyware.Cookie.Specificclick :
Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf
[email protected][2].txt -> Spyware.Cookie.Addynamix :
Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf
[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned
with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned
with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with
backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf
[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with
backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf
[email protected][2].txt ->
Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf
[email protected][2].txt -> Spyware.Cookie.2o7 :
Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@questionmarket[1].txt -> Spyware.Cookie.Questionmarket :
Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned
with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf
[email protected][1].txt -> Spyware.Cookie.Burstbeacon :
Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf
[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned
with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temp\dealhelper.exe -> TrojanDownloader.Agent.hw : Cleaned with
backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temp\Del2D.tmp -> TrojanDownloader.Small.asf : Cleaned with
backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temp\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with
backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temp\res2E.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\8TEVGPAB\dealhelper[1].exe
-> TrojanDownloader.Agent.hw : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\8TEVGPAB\ibar[1].js ->
TrojanDownloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\8TEVGPAB\optimize[1].exe ->
TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\8TEVGPAB\sacc_remove
[1].exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\8TEVGPAB\ysb[1].dll ->
Spyware.YourSiteBar : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\K18VYREP\downloaddll[1].htm
-> Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\K18VYREP\power_remove
[1].exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\K18VYREP\stubinstaller5041
[1].ex_ -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\K18VYREP\ysb_pictures
[1].cab/YSBactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\SHIJOXYN\dun[1].exe ->
Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\SPY7KX2N\istsvc[1].exe ->
TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5
\SPY7KX2N\SAcc.prod.v1110.07sep2005.exe[1].cbb24cb3f875a3f41512d11e2ae33ba7 -> Spyware.SurfAccuracy : Cleaned with
backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\SPY7KX2N\version[1].exe ->
Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\SPY7KX2N\ysb_prompt
[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
C:\WINDOWS\system32\dun.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\Rzuenb.exe -> Spyware.DealHelper : Cleaned with backup
::Report End
^^^^^^^^^^^^^^^^^^^^ END OF REPORTS - NOTES FOLLOW ^^^^^^^^^^^^^^^^^^^
Note: WHEW! Turned into an all-day job! Man, this is too much like work!! *LOL*
But so far, it appears things have returned pretty much to normal. Now THERE's a big WHEW!! Also noted the '180search' icon has disappeared from my task tray.
Please notice several questions inserted above the end reports, concerning differences noted --in particular, the multiple 'Ereits' files and the 'RZUENB.EXE\~~~.pf file. Please respond to these so I know you've noted & seen them!
Also, I have a reasonably good idea of the actions that gave me this nasty 'bugging', if you would care for the details. Let me know. Basically, I Googled up a picture of a name mentioned in a Yahoo News article so I could see who it was. When I clicked it to close, the fun started!
Of note: I pasted your instructions onto Notepad & saved a copy to a 'virgin' floppy disk, so I could open it on my desktop screen & follow along (rather than print it out - printer's on the fritz). Just before I inserted the floppy into the A: drive, some 'Guardian Angel' told me I might oughta do a virus scan first. And whattaya know....there were 3 '.exe' infection files found on the floppy! This thing WAS a booger!! (The floppy is in the garbage can now, crushed.)
Finally, before I forget to mention - I am pretty dismayed that, despite all the security I have installed, how quickly such a set of 'beasties' got past it all & installed themselves. Is there anything 'out there' that will prevent this kind of happening?
OK.....better stop here if you're gonna be done by this weekend *LOL*. Any more steps I should do from this point??
And as always, thanks, BIG time! ~8)
~Jay