Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Hijak this log

Started by SharkNH , Dec 17 2005 11:26 AM

  • This topic is locked This topic is locked
15 replies to this topic

#1 SharkNH

SharkNH

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 17 December 2005 - 11:26 AM

First time Hijak this user... just trying to find out whats going on on a few of my computers... I'll post this one today.

On this computer, I am still having signs popup of spyware still on the computer... how does this look? Anything look wrong/suspicious? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 12:23:36 PM, on 12/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\America Online 9.0b\aolwbspd.exe
C:\installs\Spyware stuff\HijackThis.exe

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (file missing)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsz40C.dll (file missing)
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasjaoj.dll (file missing)
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nswA1.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll (file missing)
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AutoLoadersFxe1JYXVMaV] "C:\WINDOWS\system32\ie4tils.exe"
O4 - HKLM\..\Run: [ssEU37l] ie4tils.exe
O4 - HKLM\..\Run: [wqdsoar] C:\WINDOWS\wqdsoar.exe
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102627429312
O17 - HKLM\System\CCS\Services\Tcpip\..\{66351BAD-2E03-4C63-BF21-17FBD99A6C2C}: NameServer = 205.188.146.145
O18 - Filter: text/html - {6793D547-38DD-4325-B35A-F1817EDFA567} - C:\Program Files\CMMan\mfhlp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\gdfbyne.exe (file missing)

    Advertisements

Register to Remove

#2 SharkNH

SharkNH

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 30 December 2005 - 12:09 PM

I was just wondering... is there anybody that can assist me with this?

#3 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 31 December 2005 - 05:36 AM

Since it has been so log post another hijackthis log.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#4 SharkNH

SharkNH

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 04 January 2006 - 09:25 PM

Here ya go!

Logfile of HijackThis v1.99.1
Scan saved at 10:07:08 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\America Online 9.0b\aolwbspd.exe
C:\installs\Spyware stuff\HijakThis\HijackThis.exe

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (file missing)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsz40C.dll (file missing)
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasjaoj.dll (file missing)
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nswA1.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll (file missing)
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AutoLoadersFxe1JYXVMaV] "C:\WINDOWS\system32\ie4tils.exe"
O4 - HKLM\..\Run: [ssEU37l] ie4tils.exe
O4 - HKLM\..\Run: [wqdsoar] C:\WINDOWS\wqdsoar.exe
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.pw.a...77/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102627429312
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.pw.a...,18/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66351BAD-2E03-4C63-BF21-17FBD99A6C2C}: NameServer = 205.188.146.145
O18 - Filter: text/html - {6793D547-38DD-4325-B35A-F1817EDFA567} - C:\Program Files\CMMan\mfhlp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\gdfbyne.exe (file missing)

#5 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 05 January 2006 - 06:48 AM

Please download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here. also a new hijackthis log.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#6 SharkNH

SharkNH

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 11 January 2006 - 09:22 PM

Ok... here is the results of the damage... had no idea this much carp** was on here...

Also NAV (expired version is on this computer atm... am working on buying a new version btw...) found a trojan at c:\windows\system32\nahbluff.exe
I will restart in safe mode and remove the virus asap.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:16:09 PM, 1/11/2006
+ Report-Checksum: 15BE747

+ Scan result:

C:\installs\Spyware stuff\HijakThis\backups\backup-20051217-120329-593.dll -> Trojan.VB.aft : Ignored
HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\sFxe1JYXVMaV -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\sFxo1JYXVMaV -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher.1 -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CB.UrlCatcher -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CB.UrlCatcher\CLSID -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CB.UrlCatcher.1 -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher\CLSID -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher.1 -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Envolo -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate\State -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AproposClient -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAFAIE -> Adware.AFAEnhance : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2426672413-817085740-2424879782-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-2426672413-817085740-2424879782-1003\Software\VB and VBA Program Settings\VBouncer -> Spyware.VirtualBouncer : Cleaned with backup
HKU\S-1-5-21-2426672413-817085740-2424879782-1003\Software\VB and VBA Program Settings\VBouncer\Settings -> Spyware.VirtualBouncer : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@7search[1].txt -> Spyware.Cookie.7search : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad-logics[2].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads18.bpath[2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cj[1].txt -> Spyware.Cookie.Cj : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@clickagents[2].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@commission-junction[1].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@counter.hitslink[1].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4epazieo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkiupazodo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkiwndpeko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkoehdjcaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkoqpcjcdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkykjd5seo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkywnajiep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliclajabp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliglajcfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmiqocpmgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmychd5mlq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4cndjsbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4kidpsaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4oicpoco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4wmcpokq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkocpdzakp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoumazggp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkygocjikq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyopdpmkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyqndpoep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyupdjcfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4unajicp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjliegd5aao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlispazmbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjloagazcbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjloojcpado.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyelcpkho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyqhc5alo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyqndjwlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyskd5ihp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyuid5keo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmyslazkhq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1gc5eh.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1gcjok.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1kc5ee.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1mczmh.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1nazih.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyekc5obo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyelc5weq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnygncpgap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyogajwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyohdzklq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyqkczgco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyqkdjkgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-attworldnet.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-cafepress.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-chrysler.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-cisco.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-findlaw.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-ignitemedia.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-nbif.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-nestleusainc.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-proflowers.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-realtytrac.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-tienda.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-wachovia.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-yourvitamins.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@euniverseads[2].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@gator[1].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hg1.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ilead.itrack[1].txt -> Spyware.Cookie.Itrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@valuead[1].txt -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@valueclick[3].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@web4.realtracker[1].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.directnetadvertising[1].txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlysgdzmgpgsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiwkcpmlpaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\adsetup.silent.1.13.b2search.exe -> Dropper.Agent.abb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\adsetup.silent.1.13.exe -> Dropper.Agent.abb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\auf1.exe -> Downloader.Apropo.g : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\b2search_v17.exe -> Dropper.Agent.abb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\i28E.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\s170.3.exe -> Dropper.Agent.tb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\s3c0.4.exe -> Dropper.Agent.tb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\s7o.5.exe -> Dropper.Agent.tb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9FNVHPSE\WinFixer2005ScannerInstall[1].exe -> Not-A-Virus.Downloader.Agent.d : Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ENKZ5YRA\WinFixer2005ScannerInstall[1].exe -> Not-A-Virus.Downloader.Agent.d : Error during cleaning
C:\Program Files\Aprps -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\ace.dll -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\AI_22-07-2005.log -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\AI_23-07-2005.log -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\AI_24-07-2005.log -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\AI_25-07-2005.log -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\AI_26-07-2005.log -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\AI_27-07-2005.log -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\AI_28-07-2005.log -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\atl.dll -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\data.bin -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\libexpat.dll -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\ProxyStub.dll -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\uninstaller.exe -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\Aprps\WinGenerics.dll -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system\QBUninstaller.exe -> Downloader.Small.aly : Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\E6E3E3E6ECE7F0E.exe -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\system32\rastmon.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\SSK3_B5.exe -> Dropper.Small.qn : Cleaned with backup
C:\WINDOWS\system32\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll -> Trojan.VB.aft : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 10:17:12 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\America Online 9.0b\aolwbspd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\installs\Spyware stuff\HijakThis\HijackThis.exe

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsz40C.dll (file missing)
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasjaoj.dll (file missing)
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nswA1.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll (file missing)
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AutoLoadersFxe1JYXVMaV] "C:\WINDOWS\system32\ie4tils.exe"
O4 - HKLM\..\Run: [ssEU37l] ie4tils.exe
O4 - HKLM\..\Run: [wqdsoar] C:\WINDOWS\wqdsoar.exe
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.pw.a...77/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102627429312
O17 - HKLM\System\CCS\Services\Tcpip\..\{66351BAD-2E03-4C63-BF21-17FBD99A6C2C}: NameServer = 205.188.146.145
O18 - Filter: text/html - {6793D547-38DD-4325-B35A-F1817EDFA567} - C:\Program Files\CMMan\mfhlp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\gdfbyne.exe (file missing)

#7 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 12 January 2006 - 04:01 AM

Please set your system to show
all files; please see here if you're unsure how to do this.
Close all programs leaving only HijackThis running. Place a check against each of the following,

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsz40C.dll (file missing)
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasjaoj.dll (file missing)
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nswA1.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll (file missing)
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AutoLoadersFxe1JYXVMaV] "C:\WINDOWS\system32\ie4tils.exe"
O4 - HKLM\..\Run: [ssEU37l] ie4tils.exe
O4 - HKLM\..\Run: [wqdsoar] C:\WINDOWS\wqdsoar.exe
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe
O18 - Filter: text/html - {6793D547-38DD-4325-B35A-F1817EDFA567} - C:\Program Files\CMMan\mfhlp.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\gdfbyne.exe (file missing)

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.
Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\system32\ie4tils.exe
C:\WINDOWS\wqdsoar.exe
C:\PROGRA~1\SpySpotter
C:\WINDOWS\system32\ichckupd.exe
C:\Program Files\CMMan\mfhlp.dll
C:\WINDOWS\svcproc.exe
C:\WINDOWS\gdfbyne.exe
Exit Explorer, and reboot as normal afterwards.


If you were unable to find any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.

Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

Let the system reboot.
Post back a fresh HijackThis log and we will take another look.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#8 SharkNH

SharkNH

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 15 January 2006 - 12:23 PM

I appreciate your help on this!

Here is another log after doing as asked.

I found a windows\cfgmgr52.ini but not the .dll file.

I could not find any of the other files execpt the program files\spyspotter directory which I deleted.

Logfile of HijackThis v1.99.1
Scan saved at 1:20:46 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\America Online 9.0b\aolwbspd.exe
C:\installs\Spyware stuff\HijakThis\HijackThis.exe

O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.pw.a...77/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102627429312
O17 - HKLM\System\CCS\Services\Tcpip\..\{66351BAD-2E03-4C63-BF21-17FBD99A6C2C}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#9 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 15 January 2006 - 07:20 PM

Click Start > Run and type in Services.msc Click OK In the Sevices box, click the Extended tab. Scroll down to: System Startup Service Right click on it and select Properties Click Stop to stop the service, then change the Startup Type to: Disabled Click Apply, then click OK. Close the Services editor. Then fix the 023 entry with HijackThis O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) Then post another log.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#10 SharkNH

SharkNH

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 16 January 2006 - 05:16 PM

A quick question... what was the system startup service/where does it usually come from?


Logfile of HijackThis v1.99.1
Scan saved at 6:10:57 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\installs\Spyware stuff\HijakThis\HijackThis.exe

O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.pw.a...77/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102627429312
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Advertisements

Register to Remove

#11 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 16 January 2006 - 06:43 PM

It is Identified as Trojan.Win32.Stervis.b and usually bundled with nail.exe, a Abetterinternet adware variant.

Read here You can replace Weatherbug with WeatherPulse.

To help keep your PC clean follow the recommendations in Tony Klein's article
So how did I get infected in the first place?

Log looks clean. :thumbup:
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#12 SharkNH

SharkNH

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 18 January 2006 - 12:59 PM

I was finally able to get Windows Genuine Advantage tool to load properly and downloaded MS Antispyware and installed it. After uninstalling weatherbug and installing WeatherPulse, I ran a scan with MSA and it detected 18 items that I believe were remnants of all the mess that we removed throughout this topic I am going to post another Hijak This log just in case and would like to reccomend the use of MS Antispyware as one of the tools to use while diagnosing problems that other people may have. MS Antispyware is free and there is a link to download it on microsoft.com's homepage.

Again, I want to thank you for your help. Now that I have finished with this computer, I would like to post the logs of some of my other systems. I know that I will get the best assistance possible from you and/or your team. Thanks a lot!

Below, in order, is the Errors log from Microsoft Antispyware, Then the log of what it cleaned, then the fresh hijakthis log.

EDIT: ok, my post is too long... I will put the cleaner log into another post.

*****************************************************************************************
Errors.log

7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::1/18/2006 1:20:00 PM:XP:1.0.701
0::Could not verify WinTrust::fileC:\Program Files\Microsoft AntiSpyware\temp.zip::catalogC:\Program Files\Microsoft AntiSpyware\temp.cat::gcTCPObjLib:modMain:VerifyCatalog::1/18/2006 1:20:22 PM:XP:1.0.701
0::DownloadFileAPI Error -2147467260::http://download.spynet.com/ASDefinitions/gcThreatAuditScanData.gcz::C:\Program Files\Microsoft AntiSpyware\temp.zip::gcTCPObjLib:HTTP:DownloadFileAPI::1/18/2006 1:20:24 PM:XP:1.0.701
0::DownloadFileAPI Error -2147467260::http://download.spynet.com/ASDefinitions/gcDeterminationData.gcz::C:\Program Files\Microsoft AntiSpyware\temp.zip::gcTCPObjLib:HTTP:DownloadFileAPI::1/18/2006 1:20:32 PM:XP:1.0.701


*****************************************************************************************

*****************************************************************************************
HijakThis log

Logfile of HijackThis v1.99.1
Scan saved at 1:53:27 PM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\installs\Spyware stuff\HijakThis\HijackThis.exe
C:\Program Files\America Online 9.0b\aolwbspd.exe

O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.pw.a...77/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102627429312
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

*****************************************************************************************

#13 SharkNH

SharkNH

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 18 January 2006 - 01:01 PM

cleaner.log 1/18/2006 1:43:15 PM::------------------------------------------------------------------ 1/18/2006 1:43:15 PM::Initializing Clean - (ScanID: 8475AE7C-0864-4D0A-BEE8-E7B9B8) 1/18/2006 1:43:15 PM::Remove Threat (ID:15069) 1/18/2006 1:43:15 PM::Clean Threat SurfSideKick (ID:15069) 1/18/2006 1:43:17 PM::Removing file c:\documents and settings\owner\application data\sskknwrd.dll 1/18/2006 1:43:17 PM::RemoveProviderByPath-FilePath=c:\documents and settings\owner\application data\sskknwrd.dll,RC=0,ThreatID=15069 1/18/2006 1:43:17 PM::Removed all related Winsock LSP handler for c:\documents and settings\owner\application data\sskknwrd.dll 1/18/2006 1:43:25 PM::Disable file c:\documents and settings\owner\application data\sskknwrd.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\EE088896-6C39-4746-8E1A-DCFE97\B914EF4B-6A10-4574-BC15-98B61F 1/18/2006 1:43:25 PM::Removing file c:\documents and settings\owner\application data\sskuknwrd.dll 1/18/2006 1:43:25 PM::RemoveProviderByPath-FilePath=c:\documents and settings\owner\application data\sskuknwrd.dll,RC=0,ThreatID=15069 1/18/2006 1:43:25 PM::Removed all related Winsock LSP handler for c:\documents and settings\owner\application data\sskuknwrd.dll 1/18/2006 1:43:32 PM::Disable file c:\documents and settings\owner\application data\sskuknwrd.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\EE088896-6C39-4746-8E1A-DCFE97\6FBE9093-C9D7-46BA-A477-F5CB06 1/18/2006 1:43:32 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{02EE5B04-F144-47BB-83FB-A60BD91B74A9}\InprocServer32 [ThreadingModel=Both 1/18/2006 1:43:32 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{02EE5B04-F144-47BB-83FB-A60BD91B74A9}\InprocServer32 [=C:\Program Files\SurfSideKick 3\SskBho.dll 1/18/2006 1:43:32 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{02EE5B04-F144-47BB-83FB-A60BD91B74A9}\InprocServer32 1/18/2006 1:43:32 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{02EE5B04-F144-47BB-83FB-A60BD91B74A9} 1/18/2006 1:43:32 PM::Removing registry key HKEY_CLASSES_ROOT\clsid\{02EE5B04-F144-47BB-83FB-A60BD91B74A9} 1/18/2006 1:43:32 PM::Removing registry value HKEY_CURRENT_USER\Software\SurfSideKick3\Internet Explorer [Timer= 1/18/2006 1:43:32 PM::Removing registry value HKEY_CURRENT_USER\Software\SurfSideKick3\Internet Explorer [ = 1/18/2006 1:43:32 PM::Removing registry value HKEY_CURRENT_USER\Software\SurfSideKick3\Internet Explorer 1/18/2006 1:43:32 PM::Removing registry value HKEY_CURRENT_USER\Software\SurfSideKick3 1/18/2006 1:43:32 PM::Removing registry key HKEY_CURRENT_USER\Software\SurfSideKick3 1/18/2006 1:43:32 PM::Removing registry value HKEY_LOCAL_MACHINE\Software\SurfSideKick3\Internet Explorer [PInfo= 1/18/2006 1:43:32 PM::Removing registry value HKEY_LOCAL_MACHINE\Software\SurfSideKick3\Internet Explorer 1/18/2006 1:43:32 PM::Removing registry value HKEY_LOCAL_MACHINE\Software\SurfSideKick3 1/18/2006 1:43:32 PM::Removing registry key HKEY_LOCAL_MACHINE\Software\SurfSideKick3 1/18/2006 1:43:32 PM::Clean Threat SurfSideKick (ID:15069) Complete 1/18/2006 1:43:32 PM::Remove Threat (ID:15069) Complete 1/18/2006 1:43:32 PM::Remove Threat (ID:15967) 1/18/2006 1:43:32 PM::Clean Threat Begin2Search.BigTrafficNet (ID:15967) 1/18/2006 1:43:34 PM::Removing file C:\WINDOWS\system32\InstallerV3.exe 1/18/2006 1:43:35 PM::Disable file C:\WINDOWS\system32\InstallerV3.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\0A5B5DC8-BB22-435A-9C18-72332E\0F7ED7D0-78FC-4EA7-A20D-634165 1/18/2006 1:43:35 PM::Removing file c:\documents and settings\owner\favorites\1111\1111.url 1/18/2006 1:43:35 PM::Disable file c:\documents and settings\owner\favorites\1111\1111.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\0A5B5DC8-BB22-435A-9C18-72332E\FEC6A616-4029-4E51-8B68-DF1D44 1/18/2006 1:43:35 PM::Clean Threat Begin2Search.BigTrafficNet (ID:15967) Complete 1/18/2006 1:43:35 PM::Remove Threat (ID:15967) Complete 1/18/2006 1:43:36 PM::Remove Threat (ID:14899) 1/18/2006 1:43:36 PM::Clean Threat SearchMiracle.EliteBar (ID:14899) 1/18/2006 1:43:37 PM::Removing file c:\windows\etb\etl 1/18/2006 1:43:37 PM::Disable file c:\windows\etb\etl and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\42417027-BF98-488B-9A58-55DC36 1/18/2006 1:43:37 PM::Removing file c:\windows\etb\xml\images\searchpeople.bmp 1/18/2006 1:43:37 PM::Disable file c:\windows\etb\xml\images\searchpeople.bmp and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\DFABF96C-1FF3-463C-8F77-9ED9B2 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\baccarat.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\baccarat.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\A3E529C1-8F07-402C-9D1E-D225C9 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\betting.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\betting.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\0D05563F-1D84-4ED1-8DE8-11FCE6 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\bingo.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\bingo.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\E9BF58B2-4574-49E6-B17B-BBCE4B 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\blackjack.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\blackjack.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\0CD03512-DCD9-4B9B-813D-EC4CA2 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\business schools.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\business schools.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\C70CC80F-BD8B-4285-83C9-3C6913 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\careers.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\careers.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\B71E67B0-E00E-4991-8A98-758E33 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\computer training.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\computer training.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\C0D74B30-A34A-449E-B503-448CA1 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\education.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\education.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\4A38A7D5-7D09-4724-B61F-6DFC93 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\horse racing.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\horse racing.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\3DA553A6-52EA-46E6-A377-935C22 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\management training.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\management training.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\4F4E877D-FE83-40D2-B075-DCBDC9 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\mcse.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\mcse.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\49519ACD-0CD3-4E2B-9333-E22A86 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\nba.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\nba.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\FF48E5D4-F425-4D32-B06B-BAFB8F 1/18/2006 1:43:37 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\online betting.url 1/18/2006 1:43:37 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\online betting.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\9A2ADFE8-0B0E-4DE2-A2C5-23E3EC 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\online casinos.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\online casinos.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\04926B0B-9574-4719-ADF2-8FDF41 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\online gaming.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\online gaming.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\D98C80B4-BE6D-4F8A-9785-96AD5E 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\online training.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\online training.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\A43E4D13-4EB8-4EEC-B7F2-3CA578 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\poker.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\poker.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\DFFB4461-39BF-4067-AE42-CACBC8 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\roulette.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\roulette.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\CBC16D50-3E6D-473C-8DB3-6BCBD4 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\slot machines.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\slot machines.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\53515FCD-E043-4AD3-A754-18E0E5 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\sport betting.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\sport betting.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\DB81BAFD-21A4-495A-9C7E-904B17 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\sportsbooks.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\sportsbooks.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\4A93D782-7FAE-441B-AD36-BA346A 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\start a business.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\start a business.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\495756C9-FEB3-42CE-B1FF-96B625 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\casino & carrers\work at home.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\casino & carrers\work at home.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\10CD4014-4923-4956-BA46-0F9736 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\finances & business\advertising.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\finances & business\advertising.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\8DD62700-1B0D-40F6-A3B5-986CCC 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\finances & business\asset protection.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\finances & business\asset protection.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\CD0C299D-B250-4DE0-8555-8886F3 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\finances & business\bad credit.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\finances & business\bad credit.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\F6363212-3D1C-4C50-8A20-A092E8 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\finances & business\bankruptcy.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\finances & business\bankruptcy.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\4AD65059-1C7A-42BF-A908-5CFCA8 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\finances & business\business opportunity.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\finances & business\business opportunity.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\6CD36E75-2587-4705-8E61-B0AA41 1/18/2006 1:43:38 PM::Removing file c:\documents and settings\owner\favorites\finances & business\business.url 1/18/2006 1:43:38 PM::Disable file c:\documents and settings\owner\favorites\finances & business\business.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\7702770D-C94C-4677-AEEC-8C2202 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\cash advance.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\cash advance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\11EB6FE3-1170-4433-A5AE-019FEE 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\credit reports.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\credit reports.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\82D4CA0B-B7DA-43EF-94F1-60B2AD 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\credit.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\credit.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\97A3EEBC-8F05-4EC1-B66C-786766 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\debt consolidation.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\debt consolidation.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\484E381C-358D-4A8B-8EB1-985D8F 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\debt relief.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\debt relief.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\AF85A266-D694-49C5-8F17-83D79E 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\e commerce.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\e commerce.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\1B6739AE-925F-42C1-BC4A-BF2890 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\home mortgages.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\home mortgages.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\3D70670A-D4DC-4FA8-9ACE-82B821 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\human resources.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\human resources.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\95E6A8F9-9F6B-4A0A-83C4-958946 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\insurance.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\insurance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\23E37041-31DC-49E2-8A24-17A1EE 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\loans.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\loans.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\C5ED1AC9-8A82-4EFC-AF26-AE1526 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\marketing.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\marketing.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\D4E96AA0-B8F4-4912-8B99-3A9A31 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\project management.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\project management.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\F527C35E-DD8B-4265-B22A-7028C7 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\refinance.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\refinance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\75BC4CC0-736C-4078-B774-B1C501 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\small business.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\small business.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\4F03D684-3413-4EB3-B95E-110B15 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\finances & business\work at home.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\finances & business\work at home.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\35805463-5B79-4727-8BC0-FF2616 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\adipex.url 1/18/2006 1:43:39 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\adipex.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\B93CCA26-FA79-4812-89F7-807049 1/18/2006 1:43:39 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\auto insurance.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\auto insurance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\1229076D-11E4-4EFB-8CB3-0E4465 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\business insurance.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\business insurance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\F62B3483-5300-457C-9B36-A56315 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\dental insurance.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\dental insurance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\5E5B71B7-ABE3-417C-BA80-8F2FFA 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\diet pills.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\diet pills.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\5709D4AE-6A4C-4EE9-8962-E0D846 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\hair loss.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\hair loss.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\555B57C2-45B7-4158-A6B0-8FA860 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\health insurance.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\health insurance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\BD1D6F82-D826-42BA-9B99-4CAAE6 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\home insurance.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\home insurance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\94C9B48B-2D8B-48EE-9163-09C2D1 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\insurance.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\insurance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\C545B311-0588-4B5F-80AE-084070 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\life insurance.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\life insurance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\5EDF00CD-965D-4707-89DC-6AAAB3 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\nutrition.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\nutrition.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\3C83F5E9-6F6F-4079-8448-0AB644 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\###### enlargement.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\###### enlargement.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\AC12277F-6EAC-4C72-B0ED-99C8F3 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\phentermine.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\phentermine.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\E728B61C-E800-490C-A5ED-41AD1A 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\prozac.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\prozac.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\4EC86A1A-C3CC-4468-92E4-FAAEB7 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\quit smoking.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\quit smoking.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\796DBAC6-6DB5-47BF-A633-B4F0DF 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\term life insurance.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\term life insurance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\159E948B-931D-42B7-8CF3-55AC22 1/18/2006 1:43:40 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\travel insurance.url 1/18/2006 1:43:40 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\travel insurance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\A068BAE7-2CF9-4693-9032-46C463 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\valtrex.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\valtrex.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\BA30F00B-CC0D-4111-B558-152589 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\viagra.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\viagra.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\54A5D90A-25CD-4C87-BE4E-DE17F6 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\weight loss.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\weight loss.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\60BCD5B5-79D3-4EBE-8766-0BFDBD 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\health & insurance\xenical.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\health & insurance\xenical.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\8CD14D09-4B19-46F3-BD4D-1C31DA 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\adventure travel.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\adventure travel.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\B5696F54-80B6-4182-A353-72D62D 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\air conditioning.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\air conditioning.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\31EC7731-19CF-40B4-BDAE-8F0935 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\air purifiers.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\air purifiers.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\682F0B62-0071-4367-8457-121732 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\air travel.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\air travel.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\8A7CF0DE-3DEB-47C7-8F0A-0C9782 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\blinds.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\blinds.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\1984A557-6B60-4E90-820E-161433 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\celebrity cruises.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\celebrity cruises.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\2E485F56-B9E0-4097-8D27-CF6CA3 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\cheap hotels.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\cheap hotels.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\727BF04B-DC47-4603-8F1C-E4DA35 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\hawaii travel.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\hawaii travel.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\87356704-29C0-4654-96A6-146C4A 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\home equity loans.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\home equity loans.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\8E3AE3A9-0F11-4325-85DC-6E31F4 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\home mortgages.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\home mortgages.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\6E126640-A05C-4522-81A1-A80D21 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\international travel.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\international travel.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\94C30E1D-1080-4E52-BE03-647BB0 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\las vegas hotels.url 1/18/2006 1:43:41 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\las vegas hotels.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\C9251B23-4928-4B66-AA88-DBA00F 1/18/2006 1:43:41 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\lighting.url 1/18/2006 1:43:42 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\lighting.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\74543687-2EC3-44BC-A088-5ADE6E 1/18/2006 1:43:42 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\mattress.url 1/18/2006 1:43:42 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\mattress.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\0E0E5AF8-A7DF-4D08-BBE2-4FE639 1/18/2006 1:43:42 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\moving.url 1/18/2006 1:43:42 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\moving.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\C3BC1A8E-20F4-4812-B12D-8DF659 1/18/2006 1:43:42 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\refinance.url 1/18/2006 1:43:42 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\refinance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\3B55FA7D-76A0-4078-9BC7-3FD5C4 1/18/2006 1:43:42 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\relocation.url 1/18/2006 1:43:42 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\relocation.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\5A366AC4-8A97-4ECF-AB1D-BA13A9 1/18/2006 1:43:42 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\travel agents.url 1/18/2006 1:43:42 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\travel agents.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\1E3F468A-C79C-48D7-9DA0-892E04 1/18/2006 1:43:42 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\travel insurance.url 1/18/2006 1:43:42 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\travel insurance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\3FB623C7-2D61-40DC-8D8E-F9A35B 1/18/2006 1:43:42 PM::Removing file c:\documents and settings\owner\favorites\homelife & travel\travel.url 1/18/2006 1:43:42 PM::Disable file c:\documents and settings\owner\favorites\homelife & travel\travel.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\23E7EDB4-BC1D-4D40-9C68-F482F6\6B7D8542-7AF8-4416-ADDA-278E77 1/18/2006 1:43:42 PM::Delete folder c:\documents and settings\owner\favorites\casino & carrers\ 1/18/2006 1:43:42 PM::Delete folder c:\documents and settings\owner\favorites\finances & business\ 1/18/2006 1:43:42 PM::Delete folder c:\documents and settings\owner\favorites\health & insurance\ 1/18/2006 1:43:42 PM::Delete folder c:\documents and settings\owner\favorites\homelife & travel\ 1/18/2006 1:43:42 PM::Clean Threat SearchMiracle.EliteBar (ID:14899) Complete 1/18/2006 1:43:43 PM::Remove Threat (ID:14899) Complete 1/18/2006 1:43:43 PM::Remove Threat (ID:10773) 1/18/2006 1:43:43 PM::Clean Threat ShopAtHome (ID:10773) 1/18/2006 1:43:44 PM::Removing file c:\windows\redir.txt 1/18/2006 1:43:44 PM::Disable file c:\windows\redir.txt and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\87E5A20E-3B48-4A2C-B591-4F3512 1/18/2006 1:43:44 PM::Removing file c:\windows\system32\sahimages\100.gif 1/18/2006 1:43:44 PM::Disable file c:\windows\system32\sahimages\100.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\6FE77937-A086-4B7F-AEA4-4DC048 1/18/2006 1:43:44 PM::Removing file c:\windows\system32\sahimages\110.gif 1/18/2006 1:43:44 PM::Disable file c:\windows\system32\sahimages\110.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\61A1E9BF-7A4B-4CDD-93BE-61E23C 1/18/2006 1:43:44 PM::Removing file c:\windows\system32\sahimages\1104.gif 1/18/2006 1:43:44 PM::Disable file c:\windows\system32\sahimages\1104.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\CF8CC527-342E-44F0-9629-5543E0 1/18/2006 1:43:44 PM::Removing file c:\windows\system32\sahimages\2274.gif 1/18/2006 1:43:44 PM::Disable file c:\windows\system32\sahimages\2274.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\FC12B656-F4AA-4FFF-BC87-6F6835 1/18/2006 1:43:44 PM::Removing file c:\windows\system32\sahimages\dosearch.gif 1/18/2006 1:43:44 PM::Disable file c:\windows\system32\sahimages\dosearch.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\2F96B84F-334C-4398-961A-9FCEA7 1/18/2006 1:43:44 PM::Removing file c:\windows\system32\sahimages\gr_1reg.gif 1/18/2006 1:43:44 PM::Disable file c:\windows\system32\sahimages\gr_1reg.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\D2263A58-C946-44EB-861B-BD4B1A 1/18/2006 1:43:44 PM::Removing file c:\windows\system32\sahimages\gr_2shop.gif 1/18/2006 1:43:44 PM::Disable file c:\windows\system32\sahimages\gr_2shop.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\8D9CEB0D-9503-428C-BACB-975CA2 1/18/2006 1:43:44 PM::Removing file c:\windows\system32\sahimages\gr_3cash.gif 1/18/2006 1:43:44 PM::Disable file c:\windows\system32\sahimages\gr_3cash.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\D0E52E4E-C7E2-417A-A227-EF03BC 1/18/2006 1:43:44 PM::Removing file c:\windows\system32\sahimages\gr_reg_header.gif 1/18/2006 1:43:44 PM::Disable file c:\windows\system32\sahimages\gr_reg_header.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\8B5D5B81-73D8-4694-89D1-776A23 1/18/2006 1:43:44 PM::Removing file c:\windows\system32\sahimages\gr_sahslogo_popup.gif 1/18/2006 1:43:44 PM::Disable file c:\windows\system32\sahimages\gr_sahslogo_popup.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\AA28BF13-4979-4E19-8124-A85140 1/18/2006 1:43:44 PM::Removing file c:\windows\system32\sahimages\gr_sahs_logo.gif 1/18/2006 1:43:44 PM::Disable file c:\windows\system32\sahimages\gr_sahs_logo.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\919CB6A6-1E87-4543-8C38-3773A3 1/18/2006 1:43:44 PM::Removing file c:\windows\system32\sahimages\popupdefault.gif 1/18/2006 1:43:45 PM::Disable file c:\windows\system32\sahimages\popupdefault.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\E56F16E5-9B85-439D-8EC3-A532D4 1/18/2006 1:43:45 PM::Removing file c:\windows\system32\sahimages\searchresults.jpg 1/18/2006 1:43:45 PM::Disable file c:\windows\system32\sahimages\searchresults.jpg and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\8D31E63F-544C-4B4A-9E53-BC0719 1/18/2006 1:43:45 PM::Removing file c:\windows\system32\sahimages\shopnow_pop.gif 1/18/2006 1:43:45 PM::Disable file c:\windows\system32\sahimages\shopnow_pop.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\C84D5BE6-20DC-4439-B899-116328 1/18/2006 1:43:45 PM::Removing file c:\windows\system32\sahimages\submit_pop.gif 1/18/2006 1:43:45 PM::Disable file c:\windows\system32\sahimages\submit_pop.gif and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F0D5B0-AF25-4D07-88A3-41A559\523E799D-30DD-4A11-8A34-B5293B 1/18/2006 1:43:45 PM::Delete folder c:\windows\system32\sahimages\ 1/18/2006 1:43:45 PM::Removing registry value HKEY_LOCAL_MACHINE\software\winsock2\layered provider sample 1/18/2006 1:43:45 PM::Removing registry key HKEY_LOCAL_MACHINE\software\winsock2\layered provider sample 1/18/2006 1:43:45 PM::Clean Threat ShopAtHome (ID:10773) Complete 1/18/2006 1:43:45 PM::Remove Threat (ID:10773) Complete 1/18/2006 1:43:45 PM::Remove Threat (ID:15563) 1/18/2006 1:43:45 PM::Clean Threat ABetterInternet.Aurora (ID:15563) 1/18/2006 1:43:49 PM::Removing file C:\WINDOWS\system32\adbltzun.exe 1/18/2006 1:43:50 PM::Disable file C:\WINDOWS\system32\adbltzun.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\269BA4E3-330F-4FFE-8D04-17ABC9\794DC761-5E7C-47DE-915A-BC060F 1/18/2006 1:43:50 PM::Removing file C:\Documents and Settings\Owner\Local Settings\Temp\IFR\aurareco.exe 1/18/2006 1:43:51 PM::Disable file C:\Documents and Settings\Owner\Local Settings\Temp\IFR\aurareco.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\269BA4E3-330F-4FFE-8D04-17ABC9\27B6D940-F269-4CED-A8AA-EEFBD6 1/18/2006 1:43:51 PM::Removing file C:\Documents and Settings\Owner\Local Settings\Temp\SDJ\aurareco.exe 1/18/2006 1:43:52 PM::Disable file C:\Documents and Settings\Owner\Local Settings\Temp\SDJ\aurareco.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\269BA4E3-330F-4FFE-8D04-17ABC9\83ACD89D-D70B-42AC-BFEA-A72243 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\AuroraHandlerDll.AuroraHandlerDllObj.1\CLSID [={4AA870AC-8427-42a4-B92E-ECD956197489} 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\AuroraHandlerDll.AuroraHandlerDllObj.1\CLSID 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\AuroraHandlerDll.AuroraHandlerDllObj.1 [=AuroraHandlerObj Class 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\AuroraHandlerDll.AuroraHandlerDllObj.1 1/18/2006 1:43:52 PM::Removing registry key HKEY_CLASSES_ROOT\AuroraHandlerDll.AuroraHandlerDllObj.1 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\AuroraHandlerDll.AuroraHandlerDllObj\CLSID [={4AA870AC-8427-42a4-B92E-ECD956197489} 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\AuroraHandlerDll.AuroraHandlerDllObj\CLSID 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\AuroraHandlerDll.AuroraHandlerDllObj\CurVer [=AuroraHandlerDll.AuroraHandlerDllObj.1 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\AuroraHandlerDll.AuroraHandlerDllObj\CurVer 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\AuroraHandlerDll.AuroraHandlerDllObj [=AuroraHandler Functional Class 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\AuroraHandlerDll.AuroraHandlerDllObj 1/18/2006 1:43:52 PM::Removing registry key HKEY_CLASSES_ROOT\AuroraHandlerDll.AuroraHandlerDllObj 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489}\InprocServer32 [=C:\WINDOWS\AuroraHandler.dll 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489}\InprocServer32 [ThreadingModel=Apartment 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489}\InprocServer32 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489}\ProgID [=AuroraHandler.AuroraHandlerObj.1 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489}\ProgID 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489}\Programmable 1/18/2006 1:43:52 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489}\TypeLib [={6D992911-B563-47fc-AB29-437F42D1C729} 1/18/2006 1:43:53 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489}\TypeLib 1/18/2006 1:43:53 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489}\VersionIndependentProgID [=AuroraHandler.AuroraHandlerObj 1/18/2006 1:43:53 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489}\VersionIndependentProgID 1/18/2006 1:43:53 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489} [=AuroraHandlerObj Class 1/18/2006 1:43:53 PM::Removing registry value HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489} 1/18/2006 1:43:53 PM::Removing registry key HKEY_CLASSES_ROOT\clsid\{4AA870AC-8427-42a4-B92E-ECD956197489} 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUC3n5trMsgSDisp=0 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUs3t5icky1S=capdate%3D0619%26capdatedy%3D1106%26lupgtry%3D1%26lupgid%3D235%26lupgdt%3D1127568506368%26lflshdt%3D1123635194%26lstlogdt%3D20051106%26cntp%3Ddialup%260%3D%26capcnt%3D8%26capcntdy%3D12%26 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUs3t5icky2S=rtmr%3D310%26fstcidt%3D1123635194027%260%3D%26rcntr%3D4%26 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [ = 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [ = 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUC1o3d5eOfSFinalAd=8 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUT3i5m7eOfSFinalAd=1131321258|0|1131322834|0|0|0|0|1131323524|0| 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUD3s5tSSEnd=’›–‚ÀÀÍŽˆÌŽˆ“˜Á—ÀƒÝ¾‰Üœ›œ 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AU3N5a7tionSCode=US 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUP3D5om=•‰„—ˆ€’†“‚‹ˆŸÌ‘Ÿ 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUT3h5rshSCheckSIn=45 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUT3h5rshSMots=100 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUM3o5deSSync=9 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUI3n5ProgSCab=0 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUI3n5ProgSEx=0 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUI3n5ProgSLstest=0 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUC3n5tFyl=1 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUI3d5OfSDist=138|1|0|0|THIN-138-1-X-X.EXE 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUI3d5OfSInst={558F11D6-B81B-4B08-8977-973D105FF97F} 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUB3D5om=˜Š‘†•‰„—ˆœŒ—Ž˜€‘œÌ‘•‚ž‘–†‰Ô€• 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUE3v5nt=0 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUT3h5rshSBath=10000 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUT3h5rshSysSInf=2000 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUL3n5Title=60 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUC3u5rrentSMode=1 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [ = 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUS3t5atusOfSInst=axed 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora [AUL3a5stSSChckin=203980 1/18/2006 1:43:53 PM::Removing registry value HKEY_CURRENT_USER\Software\aurora 1/18/2006 1:43:53 PM::Removing registry key HKEY_CURRENT_USER\Software\aurora 1/18/2006 1:43:54 PM::Clean Threat ABetterInternet.Aurora (ID:15563) Complete 1/18/2006 1:43:54 PM::Remove Threat (ID:15563) Complete 1/18/2006 1:43:54 PM::Remove Threat (ID:14978) 1/18/2006 1:43:54 PM::Clean Threat AproposMedia (ID:14978) 1/18/2006 1:43:56 PM::Removing file C:\Documents and Settings\Owner\Local Settings\Temp\auf0.exe 1/18/2006 1:43:57 PM::Disable file C:\Documents and Settings\Owner\Local Settings\Temp\auf0.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\6BF4B7A5-D528-40DF-A14D-3D0527\D276033E-0ABC-4C0F-9B77-BCC70D 1/18/2006 1:43:57 PM::Removing file c:\documents and settings\owner\local settings\temp\autoupdate0\libexpat.dll 1/18/2006 1:43:57 PM::RemoveProviderByPath-FilePath=c:\documents and settings\owner\local settings\temp\autoupdate0\libexpat.dll,RC=0,ThreatID=14978 1/18/2006 1:43:57 PM::Removed all related Winsock LSP handler for c:\documents and settings\owner\local settings\temp\autoupdate0\libexpat.dll 1/18/2006 1:44:03 PM::Disable file c:\documents and settings\owner\local settings\temp\autoupdate0\libexpat.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\6BF4B7A5-D528-40DF-A14D-3D0527\87C93835-DBEE-4F3C-9548-338396 1/18/2006 1:44:03 PM::Removing file c:\documents and settings\owner\local settings\temp\autoupdate0\setup.inf 1/18/2006 1:44:03 PM::Disable file c:\documents and settings\owner\local settings\temp\autoupdate0\setup.inf and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\6BF4B7A5-D528-40DF-A14D-3D0527\5FFD504C-59A3-4BD7-B17E-C56549 1/18/2006 1:44:03 PM::Delete folder c:\documents and settings\owner\local settings\temp\autoupdate0\ 1/18/2006 1:44:03 PM::Removing registry value HKEY_LOCAL_MACHINE\Software\Aprps\Client [ProxyStub=C:\Program Files\Aprps\proxystub.dll 1/18/2006 1:44:03 PM::Removing registry value HKEY_LOCAL_MACHINE\Software\Aprps\Client [Plugin=C:\Program Files\Aprps\cxtpls.dll 1/18/2006 1:44:03 PM::Removing registry value HKEY_LOCAL_MACHINE\Software\Aprps\Client [ClientName=C:\Program Files\Aprps\CxtPls.exe 1/18/2006 1:44:03 PM::Removing registry value HKEY_LOCAL_MACHINE\Software\Aprps\Client [LegalNote=nonbranded 1/18/2006 1:44:03 PM::Removing registry value HKEY_LOCAL_MACHINE\Software\Aprps\Client [InstallationId={X86e6a0d-3736-6d87-303b-db898ea510cd} 1/18/2006 1:44:03 PM::Removing registry value HKEY_LOCAL_MACHINE\Software\Aprps\Client [PartnerId=CP.SAV 1/18/2006 1:44:03 PM::Removing registry value HKEY_LOCAL_MACHINE\Software\Aprps\Client [ServerAddress=adchannel.contextplus.net 1/18/2006 1:44:03 PM::Removing registry value HKEY_LOCAL_MACHINE\Software\Aprps\Client 1/18/2006 1:44:03 PM::Removing registry value HKEY_LOCAL_MACHINE\Software\Aprps 1/18/2006 1:44:03 PM::Removing registry key HKEY_LOCAL_MACHINE\Software\Aprps 1/18/2006 1:44:03 PM::Clean Threat AproposMedia (ID:14978) Complete 1/18/2006 1:44:04 PM::Remove Threat (ID:14978) Complete 1/18/2006 1:44:04 PM::Remove Threat (ID:15489) 1/18/2006 1:44:04 PM::Clean Threat PacerDMedia.Installer (ID:15489) 1/18/2006 1:44:06 PM::Removing file C:\WINDOWS\system32\bsva-egihsg52.exe 1/18/2006 1:44:07 PM::Disable file C:\WINDOWS\system32\bsva-egihsg52.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\80727BCF-7ABA-4A4C-803C-AE1D15\C849EC4C-72E3-4A76-9A01-E8D6FD 1/18/2006 1:44:07 PM::Removing registry value HKEY_CURRENT_USER\Software\PSof1 [u1=1 1/18/2006 1:44:07 PM::Removing registry value HKEY_CURRENT_USER\Software\PSof1 [u2=1 1/18/2006 1:44:07 PM::Removing registry value HKEY_CURRENT_USER\Software\PSof1 [14=true 1/18/2006 1:44:07 PM::Removing registry value HKEY_CURRENT_USER\Software\PSof1 [3=true 1/18/2006 1:44:07 PM::Removing registry value HKEY_CURRENT_USER\Software\PSof1 [12=true 1/18/2006 1:44:07 PM::Removing registry value HKEY_CURRENT_USER\Software\PSof1 [6=true 1/18/2006 1:44:07 PM::Removing registry value HKEY_CURRENT_USER\Software\PSof1 [5=true 1/18/2006 1:44:07 PM::Removing registry value HKEY_CURRENT_USER\Software\PSof1 [29=true 1/18/2006 1:44:07 PM::Removing registry value HKEY_CURRENT_USER\Software\PSof1 1/18/2006 1:44:07 PM::Removing registry key HKEY_CURRENT_USER\Software\PSof1 1/18/2006 1:44:07 PM::Clean Threat PacerDMedia.Installer (ID:15489) Complete 1/18/2006 1:44:07 PM::Remove Threat (ID:15489) Complete 1/18/2006 1:44:07 PM::Remove Threat (ID:14990)

#14 SharkNH

SharkNH

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 18 January 2006 - 01:02 PM

I hope that information helps you guys...

#15 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 19 January 2006 - 10:01 AM

Not seeing anything wrong with you log. How is the PC running?
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·