Logfile of HijackThis v1.99.1
Scan saved at 9:10:02 AM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\mshta.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Documents and Settings\Kym\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Kym\LOCALS~1\Temp\se.dll/spage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/comcast.html
R3 - URLSearchHook: (no name) - {D11939CE-4B7D-F8E8-8711-1DE3F6BFAD61} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B5F2580-5E23-4C92-B9B7-CF0733F845D8} - (no file)
O2 - BHO: (no name) - {3877E062-D2C8-43EB-8209-04C8662CB13B} - (no file)
O2 - BHO: TChkBHO Class - {4750E6AD-06B7-4F2C-8B74-C23486C1A02D} - C:\WINDOWS\system32\sknik.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {678E9E21-2056-45E6-84AC-222AE736B519} - (no file)
O2 - BHO: AIMSite Class - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - (no file)
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE
O4 - Global Startup: winspool.hta
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://127.0.0.1/CFI...sses/CFJava.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132381115531
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamesoduser.c...es/ExentCtl.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124281532340
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.c.....AST SETUP.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3231384E-51B1-43AD-B28B-EA6D04705D01}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{37D618CA-E834-43F7-8EE9-1B6C548E293E}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AC764B3-4A54-48B8-BEBA-0A411F9FF076}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{64E28990-1571-4187-991C-B80D0636B487}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5F0DE04-F2DE-4465-9C9A-37E4C7D37AA0}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{C06E95F3-59D6-4AFF-9E0F-C18F00D99AB4}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B2A559-30EF-4010-88BB-118C46EABB3B}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{F093B4DD-E648-4308-BF00-28377A7E9A03}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{3231384E-51B1-43AD-B28B-EA6D04705D01}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{3231384E-51B1-43AD-B28B-EA6D04705D01}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS3\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CS3\Services\Tcpip\..\{3231384E-51B1-43AD-B28B-EA6D04705D01}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\jrun".exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
Below is the Ewido Report:
+ Created on: 8:11:40 AM, 11/26/2005
+ Report-Checksum: 5BE924BD
+ Scan result:
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25.1\CLSID\\ -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{01FC5803-8644-45D7-877B-5A3924D8ECC4}\TypeLib\\ -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ACC4DBFF-71AF-4227-A86D-8777429F56BD} -> Spyware.ScratchAndWin : Cleaned with backup
HKLM\SOFTWARE\Classes\Eac_mindef.MDefControl\CLSID\\ -> Spyware.StopSign : Cleaned with backup
HKLM\SOFTWARE\Classes\Eac_mindef.MDefControl.1\CLSID\\ -> Spyware.StopSign : Cleaned with backup
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2DDD90D6-F153-4EA7-A324-4B2D83D1027E} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{68831D00-169E-4FEB-89B9-E099DF439321} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{68831D00-169E-4FEB-89B9-E099DF439321}\TypeLib\\ -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\RunMSC.Loader\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\RunMSC.Loader.1\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchBarToolbar.SearchBar\Clsid\\ -> Spyware.SearchBarCash : Cleaned with backup
HKLM\SOFTWARE\Classes\Support.Application\CLSID\\ -> Spyware.ScratchAndWin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{15E7D23B-736E-46FA-BFFD-CBEC4126BEFD} -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\FENX -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C7B05B62-C8D7-438C-840B-4994DAAA8EEE} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807}\\BandCLSID -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEGator.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEGator.dll\\{54E7E082-1DA6-412E-96B5-C290FCEF5329} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll\\.Owner -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll\\{386A771C-E96A-421F-8BA7-32F1B706892F} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PdpPlugin5094.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PdpPlugin5094.dll\\{C7B05B62-C8D7-438C-840B-4994DAAA8EEE} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\.DEFAULT\Software\Updater -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\DelFin -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\DelFin\PromulGate -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{BF69DF00-2734-477F-8257-27CD04F88779} -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{23DDAE8C-6A79-4D62-80AA-E95D89CB9811} -> Spyware.SearchExplorer : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\NavExcel Ltd -> Spyware.NavExcel : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Updater -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\WareOut\FirstRun -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\WareOut\Options -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\WareOut\Registration -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-18\Software\Updater -> Spyware.KeenValue : Cleaned with backup
C:\578be110.exe.tcf -> Spyware.ISearch : Cleaned with backup
C:\Documents and Settings\Kym\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kym\Cookies\kym@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kym\Local Settings\Temporary Internet Files\Content.IE5\STE7STER\runsvc33[1].exe -> Spyware.ISearch : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\BearShare\Installer\saveinstwm.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Sy350\350_1.dat -> Spyware.TopMoxie : Cleaned with backup
C:\Program Files\eZula -> Adware.eZula : Cleaned with backup
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL -> Spyware.MyWay : Cleaned with backup
C:\Program Files\SearchRelevancy -> Spyware.Relevance : Cleaned with backup
C:\Program Files\SearchRelevancy\SearchRelevancy.xml -> Spyware.Relevance : Cleaned with backup
C:\Program Files\Toolbar\gykhxlmu.rmr -> Spyware.IBIS : Cleaned with backup
C:\Program Files\Toolbar\nzqlihv.wzg -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1\A0000013.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1\A0001013.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP2\A0001097.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP2\A0001128.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP2\A0003127.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0006130.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012164.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012471.dll -> Spyware.FWN : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012472.dll -> TrojanDownloader.Rameh.c : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012473.exe -> Spyware.Msnagent : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012474.exe -> TrojanDropper.Small.xl : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012475.dll -> Spyware.SBSoft : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012476.exe -> Trojan.DNSChanger.k : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012477.exe -> TrojanDownloader.NSIS.Gen : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012478.EXE -> TrojanDownloader.Small.wk : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012479.exe -> Spyware.VB : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\install007.exe.tcf -> Trojan.SecondThought.ao : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\search3.dll -> Spyware.MegaSearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WinCommX.dll.tcf -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WinCtlAdX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_85-1.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_85.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\preInsTT.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\system32\AcsProxy.dll.tcf -> Spyware.FWN : Cleaned with backup
C:\WINDOWS\system32\ATPartners.dll.tcf -> TrojanDownloader.Rameh.c : Cleaned with backup
C:\WINDOWS\system32\dmsadmins.exe.tcf -> Spyware.Msnagent : Cleaned with backup
C:\WINDOWS\system32\dumpsprep.exe.tcf -> TrojanDropper.Small.xl : Cleaned with backup
C:\WINDOWS\system32\hybsys32.dll -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\ie2cltr.dll.tcf -> Spyware.SBSoft : Cleaned with backup
C:\WINDOWS\system32\IfMegaWbr.dll -> TrojanDropper.Small.xm : Cleaned with backup
C:\WINDOWS\system32\InstaFinder_inst.exe -> Spyware.InstaFinder.a : Cleaned with backup
C:\WINDOWS\system32\ipdnssec6.exe.tcf -> Trojan.DNSChanger.k : Cleaned with backup
C:\WINDOWS\system32\maxd1.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\MegasearchBarSetup.exe.tcf -> TrojanDownloader.NSIS.Gen : Cleaned with backup
C:\WINDOWS\system32\rk.exe -> Spyware.MarketScore : Cleaned with backup
C:\WINDOWS\system32\sknik.dll -> Spyware.WurldMedia : Cleaned with backup
C:\WINDOWS\system32\TVM_B5_Bundle_6.EXE.tcf -> TrojanDownloader.Small.wk : Cleaned with backup
C:\WINDOWS\system32\unregister.exe.tcf -> Spyware.VB : Cleaned with backup
C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe -> Spyware.WebRebates.g : Cleaned with backup
C:\WINDOWS\tmp.hta -> TrojanDownloader.Psyme.at : Cleaned with backup
::Report End